Hard disk damaged, data gone.
Hello,
Two days ago I got a message saying that my hard disk is damaged, and since then the screen has been black and the data has disappeared. The logfiles are here:
OTL EXTRAS Logfile:
OTL logfile created on: 27/01/2012 13:48:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\07233745.UDS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
3.24 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.53% Memory free
5.08 Gb Paging File | 4.49 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.89 Gb Total Space | 85.78 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive Q: | 150.00 Gb Total Space | 117.78 Gb Free Space | 78.52% Space Free | Partition Type: NTFS
Drive U: | 1000.00 Gb Total Space | 247.31 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Computer Name: BOTGZJPJ3J | User Name: 07233745 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/27 13:41:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\07233745.UDS\Desktop\OTL.exe
PRC - [2012/01/26 14:14:28 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe
PRC - [2012/01/26 14:04:17 | 000,455,680 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\njxvRaoskC.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 14:06:00 | 000,136,512 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2008/04/04 14:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2008/04/04 14:06:00 | 000,086,016 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/16 02:05:58 | 000,398,288 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/11/21 14:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/04 14:06:00 | 000,156,992 | -H-- | M] () -- C:\Program Files\Network Associates\Common Framework\naisign2.dll
MOD - [2008/04/04 14:06:00 | 000,120,128 | ---- | M] () -- C:\Program Files\Network Associates\Common Framework\naXML2_71.dll
MOD - [2006/08/18 12:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/17 14:21:41 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/10/09 14:18:17 | 000,651,720 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/04 14:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)
========== Driver Services (SafeList) ==========
DRV - [2011/09/18 08:39:27 | 000,134,344 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/24 18:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/08/08 07:17:54 | 002,211,456 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/04/23 15:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/10 19:29:42 | 000,041,856 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/16 17:10:46 | 000,604,928 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/16 14:46:00 | 000,160,256 | RH-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/31 00:37:18 | 000,056,320 | -H-- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/05 15:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2006/08/18 12:18:08 | 000,009,400 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://staffmail.nuigalway.ie/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuigalway.ie/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.nuigalway.ie/"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 09:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/13 00:56:40 | 000,000,000 | -H-D | M]
[2011/03/07 09:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\07233745.UDS\Application Data\Mozilla\Extensions
[2007/10/04 13:40:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\07233745.UDS\Application Data\Mozilla\Firefox\Profiles\tgw9lgfd.default\extensions
[2011/11/15 09:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 13:03:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/13 00:56:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/11 09:30:50 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/13 00:56:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/01 15:30:44 | 000,258,560 | -H-- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2008/04/08 12:11:08 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2005/04/27 20:10:49 | 000,102,400 | -H-- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2011/10/13 10:27:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:34:22 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [njxvRaoskC.exe] C:\Documents and Settings\All Users\Application Data\njxvRaoskC.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PFO Check Settings] C:\WINDOWS\pfochk.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Connection Manager.lnk = C:\Program Files\GPS Pathfinder Office 3.00\conmgr.exe (Trimble Navigation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Project Changer.lnk = C:\Program Files\GPS Pathfinder Office 3.00\PfPjChgr.exe (Trimble Navigation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.2 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/61.08/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264168112640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264168099343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uds.nuigalway.ie
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EC62F0D-5626-4BD6-A094-29DE89D5534B}: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E21A676-C40A-4F66-8337-2BB790AB69AA}: Domain = nuigalway.ie
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\NUIG Image logo\nuigalway_logo_white_2_small.png
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/03 14:54:16 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b185742-7320-11dc-9f09-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1b185742-7320-11dc-9f09-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b185742-7320-11dc-9f09-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{edc47211-aa14-11e0-90f5-001e4fa259f2}\Shell\AutoRun\command - "" = ~Drivers\~ewytuigj.exe
O33 - MountPoints2\{edc47211-aa14-11e0-90f5-001e4fa259f2}\Shell\explore\command - "" = ~Drivers\~ewytuigj.exe
O33 - MountPoints2\{edc47211-aa14-11e0-90f5-001e4fa259f2}\Shell\open\command - "" = ~Drivers\~ewytuigj.exe
O33 - MountPoints2\{edc47211-aa14-11e0-90f5-001e4fa259f2}\Shell\search\command - "" = ~Drivers\~ewytuigj.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/27 13:49:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\07233745.UDS\Recent
[2012/01/27 13:41:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\07233745.UDS\Desktop\OTL.exe
[2012/01/27 10:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/01/26 17:46:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\07233745.UDS\Application Data\Avira
[2012/01/26 17:45:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/01/26 17:45:41 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/01/26 17:45:38 | 000,134,344 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/01/26 17:45:38 | 000,036,000 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/01/26 17:45:37 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/01/26 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/01/26 17:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/01/26 16:35:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\07233745.UDS\Application Data\Malwarebytes
[2012/01/26 16:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 16:35:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/26 16:35:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/26 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/26 14:14:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\07233745.UDS\Start Menu\Programs\System Check
[2012/01/26 14:14:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe
[2012/01/26 14:07:24 | 000,455,680 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\njxvRaoskC.exe
[2008/04/08 12:11:09 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/27 13:47:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\defogger_reenable
[2012/01/27 13:44:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\sk96t1ks.exe
[2012/01/27 13:42:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 13:41:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\07233745.UDS\Desktop\OTL.exe
[2012/01/27 13:40:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\Defogger.exe
[2012/01/27 09:34:18 | 000,684,297 | -H-- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\unhide.exe
[2012/01/27 09:28:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/27 09:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 17:52:55 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs
[2012/01/26 17:52:17 | 000,000,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~J0o2uYkNDq6wfs
[2012/01/26 17:52:17 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~J0o2uYkNDq6wfsr
[2012/01/26 17:45:53 | 000,001,707 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/01/26 17:43:19 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\avira_free_antivirus_en.exe
[2012/01/26 17:33:13 | 039,378,703 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\Matthias.rar
[2012/01/26 17:03:39 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/26 16:35:39 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 14:14:43 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/26 14:14:43 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\07233745.UDS\Desktop\System Check.lnk
[2012/01/26 13:28:14 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/24 14:30:33 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\SyncToy.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/27 13:47:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\defogger_reenable
[2012/01/27 13:44:53 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\sk96t1ks.exe
[2012/01/27 13:40:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\Defogger.exe
[2012/01/27 10:17:20 | 000,002,607 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2011.lnk
[2012/01/27 10:17:20 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/27 10:17:20 | 000,002,079 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Roxio Creator DE.lnk
[2012/01/27 10:17:20 | 000,001,707 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/01/27 10:17:20 | 000,001,625 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Minitab 16.lnk
[2012/01/27 10:17:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/27 10:17:20 | 000,001,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/27 10:17:20 | 000,001,602 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/27 10:17:20 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/01/27 10:17:20 | 000,000,897 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/27 10:17:20 | 000,000,891 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\ALDI Print Software.lnk
[2012/01/27 10:17:20 | 000,000,810 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\GPS Pathfinder Office 3.00.lnk
[2012/01/27 10:17:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/27 10:17:20 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/27 10:17:20 | 000,000,719 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/01/27 10:17:20 | 000,000,682 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/27 10:17:20 | 000,000,461 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\TerraSync.lnk
[2012/01/27 10:17:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/27 10:17:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/27 10:17:18 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/01/27 10:17:18 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Project Changer.lnk
[2012/01/27 10:17:18 | 000,000,810 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Connection Manager.lnk
[2012/01/27 10:17:13 | 000,002,371 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/01/27 10:17:13 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/27 10:17:13 | 000,001,880 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2012/01/27 10:17:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/27 10:17:13 | 000,001,808 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/01/27 10:17:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/01/27 10:17:13 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/01/27 10:17:13 | 000,000,888 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2012/01/27 10:17:13 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GPS Pathfinder Office 3.00.lnk
[2012/01/27 10:17:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/27 10:17:13 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2012/01/27 10:17:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/27 10:17:13 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/27 10:17:13 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TerraSync.lnk
[2012/01/27 09:34:16 | 000,684,297 | -H-- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\unhide.exe
[2012/01/26 17:52:17 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~J0o2uYkNDq6wfsr
[2012/01/26 17:43:19 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\avira_free_antivirus_en.exe
[2012/01/26 17:32:59 | 039,378,703 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\Matthias.rar
[2012/01/26 17:03:39 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 15:27:53 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/26 14:16:30 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs
[2012/01/26 14:14:43 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\07233745.UDS\Desktop\System Check.lnk
[2012/01/26 14:14:43 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~J0o2uYkNDq6wfs
[2011/03/07 09:30:00 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\07233745.UDS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 17:33:42 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\KGOleSrv.INI
[2010/11/17 14:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/11/08 15:49:03 | 000,000,148 | ---- | C] () -- C:\WINDOWS\TRIMSURV.INI
[2010/11/08 15:49:00 | 000,000,899 | ---- | C] () -- C:\WINDOWS\timezone.ini
[2010/11/08 15:48:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\pfochk.exe
[2010/10/19 14:30:25 | 000,000,413 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2010/01/25 10:28:42 | 000,001,896 | -H-- | C] () -- C:\WINDOWS\WINCONT.INI
[2009/01/26 09:02:34 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2009/01/26 08:51:04 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/13 09:22:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/05/23 15:20:28 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/05/22 10:43:28 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/05/22 10:42:20 | 000,000,719 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/22 10:38:30 | 000,093,130 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2008/05/22 10:38:30 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2008/05/09 13:43:59 | 000,000,130 | -H-- | C] () -- C:\WINDOWS\Noesys.INI
[2008/03/13 09:17:16 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/19 10:43:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/10/05 10:32:26 | 000,356,352 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/10/05 09:47:25 | 000,020,121 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/10/05 09:43:58 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/10/05 09:43:58 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/05 09:43:56 | 001,474,560 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/05 09:43:55 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/05 09:43:53 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/05 09:43:52 | 001,626,112 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/05 09:43:52 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/05 09:43:51 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/05 09:43:51 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/05 09:16:43 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/10/05 09:16:43 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/04 15:53:32 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/04 14:00:56 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/04 14:00:56 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/04 14:00:55 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/04 14:00:53 | 000,010,752 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/04 13:40:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/04 10:52:30 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/10/04 10:52:30 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/10/04 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/10/04 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/10/04 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/10/04 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007/10/04 10:49:29 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/10/04 10:49:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/10/03 16:00:02 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/03 15:42:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/03 15:40:20 | 000,387,200 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/03 14:57:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/03 14:49:59 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/12 16:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/11/09 21:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | -H-- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/05/09 16:19:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006/03/27 11:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/10/05 08:55:48 | 000,000,526 | -H-- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2005/06/11 10:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/04 12:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,404,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,063,586 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | -H-- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
========== LOP Check ==========
[2011/08/16 07:22:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\07233745.UDS\Application Data\Dropbox
[2011/08/25 13:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\07233745.UDS\Application Data\EndNote
[2011/03/07 09:38:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\07233745.UDS\Application Data\ScanSoft
[2011/05/12 14:32:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\07233745.UDS\Application Data\SPSSInc
[2007/10/04 13:20:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\07233745.UDS\Application Data\Zeon
[2010/10/19 14:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2011/01/11 16:04:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/06 10:37:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Minitab
[2007/10/03 15:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/11/19 15:11:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2007/12/20 14:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/11/19 15:10:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2009/06/30 07:04:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/11 14:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2007/12/20 14:40:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2011/12/06 11:36:26 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\Tasks\Minitab Software Update Manager.job
[2012/01/27 09:28:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/24 14:30:33 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\Tasks\SyncToy.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report > --- --- ---
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 27/01/2012 13:48:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\07233745.UDS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
3.24 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.53% Memory free
5.08 Gb Paging File | 4.49 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.89 Gb Total Space | 85.78 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive Q: | 150.00 Gb Total Space | 117.78 Gb Free Space | 78.52% Space Free | Partition Type: NTFS
Drive U: | 1000.00 Gb Total Space | 247.31 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Computer Name: BOTGZJPJ3J | User Name: 07233745 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Documents and Settings\07233745.UDS\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\07233745.UDS\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"D:\setup\hppapd.exe" = D:\setup\hppapd.exe:*:Enabled:hppapd.exe
"D:\setup\HPNTWKEXE.EXE" = D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" = C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Disabled:Microsoft (R) Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Documents and Settings\User\Desktop\ChromeSetup.exe" = C:\Documents and Settings\User\Desktop\ChromeSetup.exe:*:Enabled:ChromeSetup
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C92C419-4DAA-4B9B-B04F-C2E3CDEDCAF9}" = SoftwareManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}" = Java(TM) SE Development Kit 6 Update 6
"{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{488968FC-9ECC-4F41-AE38-5A94F80F165F}" = ScanSoft PDF Professional 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5ACDB0D6-429E-4E6F-85E4-89DC23565990}" = Minitab16
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61D199C4-5E32-4616-BA4E-1EB52CA6DA2B}" = SolidWorks eDrawings 2011
"{62F75265-0C68-46BC-8E7E-AB14E1C281F4}" = Minitab16
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6CF428B5-D735-4A0B-AA3F-693AC9285D45}" = Minitab16
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71D075F0-A6F5-40B9-A771-FC59E90B0182}" = Minitab 15 English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE24B4AE-6EB4-4AFC-80F1-057309575D45}" = BoxCar Pro 4.3.1.1
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EDB0794A-1BE2-4373-B6C5-1CA909DCBF32}" = TerraSync 2.40
"{EFDD0584-E443-4CA8-8B79-E5BE7B22651D}" = Bootstrapper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{FAF05272-84D0-44FF-8DD4-074D31035C52}" = Belfield Software Tide Plotter 2010
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Print Software" = ALDI Print Software
"ArcGIS Desktop" = ArcGIS Desktop
"Avira AntiVir Desktop" = Avira Free Antivirus
"BODC Explorer Software (v5.10)" = BODC Explorer Software (v5.10)
"BODC Software Setup (v3.00)" = BODC Software Setup (v3.00)
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"GPS Pathfinder Office 3.00" = GPS Pathfinder Office 3.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"InstallShield_{CE24B4AE-6EB4-4AFC-80F1-057309575D45}" = BoxCar Pro 4.3.1.1
"KaleidaGraph 3.6" = KaleidaGraph 3.6
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.89 Full
"LastFM_is1" = Last.fm 1.5.4.24567
"LI-1400" = LI-1400
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Minitab16" = Minitab 16
"MinitabSoftwareManager" = Minitab Software Update Manager
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ST6UNST #1" = DataBank GUI
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.1.10
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinControl" = WinControl
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26/01/2012 10:22:25 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 11:19:27 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 11:27:12 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 12:02:22 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 12:10:19 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 12:58:08 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 13:18:43 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
Error - 26/01/2012 13:43:41 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x0003c1b5.
Error - 26/01/2012 13:56:41 | Computer Name = BOTGZJPJ3J | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1
Error - 27/01/2012 05:25:42 | Computer Name = BOTGZJPJ3J | Source = Application Error | ID = 1000
Description = Faulting application pfochk.exe, version 0.0.0.0, faulting module
pfochk.exe, version 0.0.0.0, fault address 0x0000488b.
[ OSession Events ]
Error - 28/06/2011 09:00:19 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 16888
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 20/07/2011 07:37:18 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 14459
seconds with 4980 seconds of active time. This session ended with a crash.
Error - 23/07/2011 07:09:08 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 6808
seconds with 2880 seconds of active time. This session ended with a crash.
Error - 23/07/2011 14:05:04 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 24685
seconds with 6960 seconds of active time. This session ended with a crash.
Error - 30/07/2011 06:27:49 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 2970
seconds with 2280 seconds of active time. This session ended with a crash.
Error - 03/08/2011 05:06:52 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 1045
seconds with 600 seconds of active time. This session ended with a crash.
Error - 03/08/2011 05:08:03 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.
Error - 03/08/2011 05:20:01 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 713
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01/09/2011 13:52:21 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 37058
seconds with 16200 seconds of active time. This session ended with a crash.
Error - 22/11/2011 13:41:59 | Computer Name = BOTGZJPJ3J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session
lasted 22182 seconds with 5340 seconds of active time. This session ended with
a crash.
[ System Events ]
Error - 26/01/2012 12:02:16 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 26/01/2012 12:09:38 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 26/01/2012 12:57:30 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 26/01/2012 13:18:04 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 26/01/2012 13:18:13 | Computer Name = BOTGZJPJ3J | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 26/01/2012 13:19:54 | Computer Name = BOTGZJPJ3J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
Pcmcia
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 26/01/2012 13:50:20 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 26/01/2012 13:50:52 | Computer Name = BOTGZJPJ3J | Source = DCOM | ID = 10010
Description = The server {F5F6647E-A36B-42BB-AD4E-A93753DE4DCD} did not register
with DCOM within the required timeout.
Error - 27/01/2012 05:24:49 | Computer Name = BOTGZJPJ3J | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 27/01/2012 05:25:21 | Computer Name = BOTGZJPJ3J | Source = DCOM | ID = 10010
Description = The server {F5F6647E-A36B-42BB-AD4E-A93753DE4DCD} did not register
with DCOM within the required timeout.
< End of report >
--- --- ---
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-30 09:16:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 ST3160815AS rev.3.ADA
Running: sk96t1ks.exe; Driver: C:\DOCUME~1\07233745.UDS\LOCALS~1\Temp\pgdyraod.sys
---- System - GMER 1.0.15 ----
SSDT BA69A24C ZwClose
SSDT BA69A206 ZwCreateKey
SSDT BA69A256 ZwCreateSection
SSDT BA69A1FC ZwCreateThread
SSDT BA69A20B ZwDeleteKey
SSDT BA69A215 ZwDeleteValueKey
SSDT BA69A247 ZwDuplicateObject
SSDT BA69A21A ZwLoadKey
SSDT BA69A1E8 ZwOpenProcess
SSDT BA69A1ED ZwOpenThread
SSDT BA69A26F ZwQueryValueKey
SSDT BA69A224 ZwReplaceKey
SSDT BA69A260 ZwRequestWaitReplyPort
SSDT BA69A21F ZwRestoreKey
SSDT BA69A25B ZwSetContextThread
SSDT BA69A265 ZwSetSecurityObject
SSDT BA69A210 ZwSetValueKey
SSDT BA69A26A ZwSystemDebugControl
SSDT BA69A1F7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 4 Bytes CALL AF0AAFEE
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA7DAAA00]
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe[3280] explorer.exe 01861986 1 Byte [03]
.text C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe[3280] explorer.exe 0186198A 1 Byte [00]
.text C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe[3280] explorer.exe 0186198E 1 Byte [01]
.text C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe[3280] explorer.exe 01861992 1 Byte [00]
.text C:\Documents and Settings\All Users\Application Data\J0o2uYkNDq6wfs.exe[3280] explorer.exe 01861996 1 Byte [00]
.text ...
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat A5295D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- EOF - GMER 1.0.15 ----
I hope you can help me.
Many thanks
Matthias