Pests of all kinds and how to fight them: On login: ZoneAlarm message about a network with a different IP? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
16.12.2011, 13:45 | #16
/// Malware-holic | Re: On login: ZoneAlarm message about a network with a different IP? Is iexplore.exe running in Task Manager? I had almost figured we don't have it, but nothing else has shown up so far either, which is why I asked. Download MBR Check: http://ad13.geekstogo.com/MBRCheck.exe, double-click it, post the log.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us
16.12.2011, 13:47 | #17
Re: On login: ZoneAlarm message about a network with a different IP? no .. it's not running .. I had Hitman "repair" it, but every day I have IE-Helper in Autostart - two entries that I disable every day, and every day they're back again .. could it also be Skype, or??
16.12.2011, 13:49 | #18
Re: On login: ZoneAlarm message about a network with a different IP? MBRCheck, version 1.2.3
__________________(c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000003fc Kernel Drivers (total 123): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 isapnp.sys 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9F48000 ftdisk.sys 0xBA330000 PartMgr.sys 0xBA0C8000 VolSnap.sys 0xB9F30000 atapi.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9F10000 fltmgr.sys 0xB9EFE000 sr.sys 0xBA0F8000 Lbd.sys 0xBA108000 PxHelp20.sys 0xB9EE7000 KSecDD.sys 0xB9ED4000 WudfPf.sys 0xB9E47000 Ntfs.sys 0xB9E1A000 NDIS.sys 0xB9E00000 Mup.sys 0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB8E36000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xB8E22000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB8E08000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys 0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB8DE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB8C82000 \SystemRoot\system32\drivers\P17xfi.sys 0xB8C5E000 \SystemRoot\system32\drivers\portcls.sys 0xBA198000 \SystemRoot\system32\drivers\drmk.sys 0xB8C3B000 \SystemRoot\system32\drivers\ks.sys 0xB8C09000 \SystemRoot\system32\DRIVERS\ctoss2k.sys 0xB8BE2000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys 0xB8A4B000 \SystemRoot\system32\drivers\p17xfilt.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA450000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xBA6C9000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1E8000 
\SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB8A34000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB8A23000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA228000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5CC000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB89C5000 \SystemRoot\system32\DRIVERS\update.sys 0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB89B3000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys 0xBA238000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xB8937000 \SystemRoot\System32\Drivers\wdf01000.sys 0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA268000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5CE000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7C8000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5D2000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA488000 \SystemRoot\System32\drivers\vga.sys 0xBA5D4000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5D6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB9DC4000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA87FF000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA87A6000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA8758000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA8730000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA86B1000 \SystemRoot\System32\vsdatant.sys 0xA868F000 \SystemRoot\System32\drivers\afd.sys 0xBA298000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xA866D000 \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys 0xBA4A8000 
\??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS 0xA8642000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA85D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS 0xBA4B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xA8574000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA5E2000 \??\C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys 0xBA2E8000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBA378000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xBA558000 \SystemRoot\system32\DRIVERS\ew_usbenumfilter.sys 0xA84BF000 \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys 0xBA380000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA308000 \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys 0xBA388000 \SystemRoot\system32\DRIVERS\ew_juextctrl.sys 0xA84A7000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA5F0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA56C000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA390000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA783000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04F000 \SystemRoot\System32\igxpdv32.DLL 0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL 0xBF47A000 \SystemRoot\System32\ATMFD.DLL 0xA8353000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA81FD000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xA83FF000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xA832F000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA7F90000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA278000 \SystemRoot\system32\drivers\sysaudio.sys 0xA7E52000 \SystemRoot\system32\drivers\ctusfsyn.sys 0xA791A000 \SystemRoot\system32\DRIVERS\srv.sys 0xA7AFA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xA74EE000 \SystemRoot\System32\Drivers\HTTP.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 42): 0 System Idle Process 4 System 772 C:\WINDOWS\system32\smss.exe 1092 csrss.exe 1116 
C:\WINDOWS\system32\winlogon.exe 1176 C:\WINDOWS\system32\services.exe 1188 C:\WINDOWS\system32\lsass.exe 1408 C:\WINDOWS\system32\svchost.exe 1508 svchost.exe 1548 C:\WINDOWS\system32\svchost.exe 1592 C:\WINDOWS\system32\svchost.exe 1756 C:\Archivos de programa\HitmanPro\hmpsched.exe 1876 svchost.exe 124 svchost.exe 188 C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe 560 C:\WINDOWS\system32\spoolsv.exe 608 C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe 620 C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe 1052 C:\WINDOWS\explorer.exe 312 C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe 340 C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe 348 C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe 388 C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe 392 C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe 336 C:\Archivos de programa\Skype\Phone\Skype.exe 736 C:\WINDOWS\system32\ctfmon.exe 1952 C:\WINDOWS\system32\CTSVCCDA.EXE 2136 C:\Archivos de programa\Java\jre6\bin\jqs.exe 2272 C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe 2676 C:\WINDOWS\system32\svchost.exe 2780 C:\WINDOWS\system32\TUProgSt.exe 2892 C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe 3484 C:\WINDOWS\system32\wbem\wmiapsrv.exe 3524 wmiprvse.exe 3580 alg.exe 2032 C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe 4060 C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe 2392 unsecapp.exe 2788 C:\WINDOWS\system32\wuauclt.exe 3832 C:\Archivos de programa\Mozilla Firefox\firefox.exe 1240 C:\Archivos de programa\Mozilla Firefox\plugin-container.exe 2452 C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`9ed8e200 (NTFS) PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.CHL Size Device Name MBR Status 
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 9CFC8D75A9B3B79AD2D82DDC3A8E515904016E5A
Done!
16.12.2011, 13:54 | #19
Re: On login: ZoneAlarm message about a network with a different IP? Task Manager: explorer.exe is running
16.12.2011, 14:57 | #20
/// Malware-holic | Re: On login: ZoneAlarm message about a network with a different IP? Looks good. Post me a new otl.txt. ZoneAlarm may simply be overreacting and there is no danger; it wouldn't be the first time. That HitmanPro message about the proxy just puzzles me.
16.12.2011, 15:12 | #21
Re: On login: ZoneAlarm message about a network with a different IP? okay - I'll do that right away .. OTL, that is. But what about these messages from FB that someone is logging in to my account at all kinds of times? I'll post OTL right away .. one moment
16.12.2011, 15:26 | #22
Re: On login: ZoneAlarm message about a network with a different IP? OTL Logfile:
Code:
OTL logfile created on: 16/12/2011 14:13:57 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,08% Memory free
3,84 Gb Paging File | 3,05 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 49,89 Gb Free Space | 34,06% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/15 19:26:11 | 000,097,600 | ---- | M] (SurfRight B.V.)
-- C:\Archivos de programa\HitmanPro\hmpsched.exe PRC - [2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe PRC - [2011/11/10 11:18:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/04/08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe PRC - [2011/03/29 07:48:10 | 000,408,576 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/02/28 16:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Archivos 
de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ========== Modules (No Company Name) ========== MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011/12/04 08:12:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011/11/10 11:18:36 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Viprebridge.dll MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Vipre.dll MOD - [2011/07/09 08:23:55 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll MOD - [2011/07/09 08:22:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll MOD - [2011/07/09 08:22:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll MOD - [2011/07/09 08:22:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll MOD - [2011/07/09 08:22:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll MOD - [2011/07/09 08:14:19 | 000,679,936 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll MOD - [2011/07/09 08:14:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll MOD - [2011/07/09 08:14:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011/07/09 07:28:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll MOD - [2011/07/09 07:28:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll MOD - [2011/07/09 07:28:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll MOD - [2011/07/09 07:28:12 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll MOD - [2011/07/09 07:27:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll MOD - [2011/07/09 07:24:49 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll MOD - [2011/07/09 01:58:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011/07/09 01:57:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011/07/09 01:57:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011/06/07 
09:44:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2011/03/24 08:50:52 | 001,101,824 | R--- | M] () -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\NDISAPI.dll MOD - [2009/01/28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008/06/20 00:37:08 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll MOD - [2008/06/20 00:37:06 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll MOD - [2008/06/20 00:37:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2008/04/14 06:48:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll MOD - [2007/05/08 00:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll MOD - [2007/04/02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/12/15 19:26:11 | 000,097,600 | ---- | M] (SurfRight B.V.) 
[Auto | Running] -- C:\Archivos de programa\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009/11/10 12:19:48 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Archivos de programa\AskBarDis\bar\bin\AskService.exe -- (ASKService) SRV - [2008/02/28 16:07:48 | 000,529,704 | 
---- | M] (Nero AG) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011/03/24 08:53:02 | 000,085,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2011/03/24 08:53:02 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011/03/24 08:53:02 | 000,051,456 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2011/03/24 08:53:02 | 000,026,496 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2011/03/24 08:53:02 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2011/03/24 08:53:00 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010/09/02 01:31:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/12/08 22:20:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/11/04 15:59:38 | 000,113,280 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/11/04 15:59:38 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/11/04 15:59:38 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/02/25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007/11/21 16:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi) DRV - [2007/10/10 18:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt) DRV - [2006/08/07 18:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN) DRV - [2006/06/29 05:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev) DRV - [2006/06/08 08:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx) DRV - [2005/12/08 10:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2005/12/08 10:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2004/08/20 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/20 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Elf 1 Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.com/ig" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=" FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 4001 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 4001 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 4001 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 4001 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 4001 FF - 
prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Archivos de programa\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Archivos de programa\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/10 11:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/05/13 01:13:14 | 000,000,000 | ---D | M]

[2009/05/02 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Extensions
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions
[2011/12/06 09:58:28 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/11/29 09:58:26 | 000,000,000 | ---D | M] (Elf 1.12 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011/12/06 09:58:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/30 09:58:20 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/14 09:57:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/05/13 01:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\nostmp
[2010/12/30 17:16:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\searchplugins\conduit.xml
[2011/11/10 11:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2011/10/30 01:26:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2011/11/10 11:18:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/13 01:12:59 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/13 01:12:59 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/05/13 01:12:59 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/13 01:12:59 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/13 01:12:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/13 01:12:59 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: Click to call with Skype = C:\Documents and Settings\Richard\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2011/12/13 08:33:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MobileBroadband] C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm] C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C950447-7608-49DB-9F4D-BE6ECA4BD806}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C15A04-3802-4380-ACDD-54E5F6BBD11D}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 20:10:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 13:02:35 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Paquete para exploración sin conexión
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ayuda de Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Herramientas de instalación de Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Mejoras en la exploración
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acceso al sitio de MSN
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Enlace dinámico de datos HTML
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fuentes principales de Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ayuda de HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "NMIndexingService"
MsConfig - Services: "PLFlash DeviceIoControl Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "ASKService"
MsConfig - Services: "idsvc"
MsConfig - Services: "YahooAUService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Archivos de programa\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Archivos de programa\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: V0220Mon.exe - hkey= - key= - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 12:10:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2011/12/15 19:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\HitmanPro
[2011/12/15 19:26:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\HitmanPro
[2011/12/15 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\HitmanPro
[2011/12/15 19:16:55 | 006,790,472 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Richard\Escritorio\HitmanPro36beta2.exe
[2011/12/15 07:32:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2011/12/15 07:32:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/15 07:32:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/12/15 07:31:45 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.1.1800.exe
[2011/12/15 07:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2011/12/15 07:08:12 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.2.1300.exe
[2011/12/13 23:40:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/13 08:26:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/13 08:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/13 08:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/13 08:24:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/13 08:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/13 08:23:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/13 08:23:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/13 08:15:58 | 004,337,189 | R--- | C] (Swearware) -- C:\Documents and Settings\Richard\Escritorio\ComboFix.exe
[2011/12/12 19:46:54 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Richard\Escritorio\jre-6u29-windows-i586-iftw.exe
[2011/12/10 21:24:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/07 18:48:56 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 00:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\freesmoke
[2011/12/01 06:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\Skype
[2011/12/01 06:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/11/28 09:49:15 | 000,026,496 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/11/28 09:49:05 | 000,051,456 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/11/28 09:48:34 | 000,011,136 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/11/28 09:48:01 | 000,102,784 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/11/27 07:41:40 | 000,085,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/11/27 07:40:56 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/11/27 07:40:51 | 001,112,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2011/11/27 07:40:51 | 000,072,832 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/11/27 07:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Vodafone
[2011/11/27 07:40:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Sidebar
[2011/11/27 07:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2011/11/27 07:40:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vodafone
[2011/11/27 07:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
[2009/11/15 12:17:20 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2009/11/14 09:45:21 | 000,210,416 | ---- | C] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
[2009/10/14 09:08:53 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/06/27 17:12:19 | 037,452,296 | ---- | C] (Lavasoft ) -- C:\Archivos de programa\Ad-AwareAE.exe
[2008/06/17 21:34:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/16 14:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011/12/16 12:48:01 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe
[2011/12/16 12:27:58 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011/12/16 12:27:13 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/16 12:26:42 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/16 12:26:42 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/16 12:25:48 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/16 12:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 19:26:11 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\HitmanPro.lnk
[2011/12/15 19:17:04 | 006,790,472 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Richard\Escritorio\HitmanPro36beta2.exe
[2011/12/15 19:01:40 | 000,003,986 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.JPG
[2011/12/15 07:32:49 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011/12/15 07:31:59 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.1.1800.exe
[2011/12/15 07:26:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.2.1300.exe
[2011/12/14 21:52:56 | 000,003,426 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke3.jpg
[2011/12/14 21:49:08 | 000,010,712 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke2.jpg
[2011/12/14 21:48:27 | 000,010,227 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke1.jpg
[2011/12/13 08:33:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/13 08:26:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/13 08:23:52 | 004,337,189 | R--- | M] (Swearware) -- C:\Documents and Settings\Richard\Escritorio\ComboFix.exe
[2011/12/12 19:46:55 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Richard\Escritorio\jre-6u29-windows-i586-iftw.exe
[2011/12/12 16:58:49 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/12 16:57:33 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 15:45:56 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/12/12 01:19:06 | 000,016,495 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\tüte.jpg
[2011/12/11 21:32:02 | 000,007,003 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Heinz.jpg
[2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/08 15:56:29 | 000,062,758 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 18:49:07 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 16:16:10 | 000,006,330 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/04 08:12:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/28 09:49:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:39 | 000,055,699 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:13 | 000,049,581 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/18 21:31:43 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2011/11/17 00:18:22 | 000,047,916 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:11 | 000,003,807 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 12:48:01 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe
[2011/12/15 19:26:11 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\HitmanPro.lnk
[2011/12/15 19:19:42 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011/12/15 19:01:40 | 000,003,986 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.JPG
[2011/12/15 07:32:49 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011/12/14 21:52:55 | 000,003,426 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke3.jpg
[2011/12/14 21:49:08 | 000,010,712 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke2.jpg
[2011/12/14 21:48:27 | 000,010,227 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke1.jpg
[2011/12/13 08:26:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/13 08:26:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/13 08:24:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/13 08:24:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/13 08:24:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/13 08:24:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/13 08:24:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/12 01:19:05 | 000,016,495 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\tüte.jpg
[2011/12/11 21:32:00 | 000,007,003 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Heinz.jpg
[2011/12/08 15:56:29 | 000,062,758 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 16:16:07 | 000,006,330 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/01 06:15:20 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/11/28 09:49:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:31 | 000,055,699 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:12 | 000,049,581 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/17 00:18:22 | 000,047,916 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:06 | 000,003,807 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/09/08 09:52:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/25 10:26:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 10:26:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\Documents and Settings\All Users\Datos de programa\DeviceManager.xml.rc4
[2010/08/07 14:27:06 | 001,801,933 | ---- | C] () -- C:\Archivos de programa\usbdrven.exe
[2010/08/07 14:24:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\mtbjfghn.xbe
[2009/11/12 22:17:10 | 033,961,728 | ---- | C] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/10 17:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/11/10 14:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\wklnhst.dat
[2009/08/30 12:40:32 | 033,952,648 | ---- | C] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/05/02 23:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/13 09:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 09:09:45 | 000,000,580 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/11 20:26:57 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008/08/14 17:03:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2008/08/14 17:03:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2008/07/09 07:29:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/22 17:29:41 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2008/06/20 01:07:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 00:57:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/20 00:57:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/19 00:24:42 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 00:03:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:18:34 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/17 21:35:04 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2008/06/17 21:34:39 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/06/17 21:34:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/17 21:34:02 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2008/06/17 21:34:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008/06/17 21:34:00 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2008/06/17 21:22:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/17 20:13:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/17 20:08:42 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/17 19:48:44 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/17 19:47:49 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/20 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 12:00:00 | 000,498,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 12:00:00 | 000,436,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 12:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 12:00:00 | 000,218,003 | ---- | C] () --
C:\WINDOWS\System32\dssec.dat [2004/08/20 12:00:00 | 000,087,068 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat [2004/08/20 12:00:00 | 000,068,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/20 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/20 12:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat [2004/08/20 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/20 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/20 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/20 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/20 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/12/15 19:26:10 | 000,000,000 | R--D | M] -- C:\Archivos de programa [2008/06/23 19:05:08 | 000,000,000 | ---D | M] -- C:\audio [2009/08/20 10:45:30 | 000,000,000 | ---D | M] -- C:\c6c789cd85c440803f4234b81cd618 [2011/12/13 08:26:21 | 000,000,000 | RHSD | M] -- C:\cmdcons [2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Definitionen [2008/10/12 13:39:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings [2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Formulare [2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Lowcarb [2009/11/10 13:08:27 | 000,000,000 | R--D | M] -- C:\MSOCache [2011/02/27 12:40:03 | 000,000,000 | ---D | M] -- C:\Nexon [2010/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Programme [2011/12/13 08:38:54 | 000,000,000 | ---D | M] -- C:\Qoobox [2011/12/13 23:40:00 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009/11/12 21:52:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Video [2008/06/18 19:20:47 | 000,000,000 | ---D | M] -- C:\Von Julio von anfang an [2011/12/16 12:26:16 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > 
[2009/06/27 17:12:41 | 037,452,296 | ---- | M] (Lavasoft ) -- C:\Archivos de programa\Ad-AwareAE.exe [2009/10/14 09:11:17 | 077,086,488 | ---- | M] (Lavasoft ) -- C:\Archivos de programa\Ad-AwareInstallation.exe [2009/11/12 22:17:15 | 033,961,728 | ---- | M] () -- C:\Archivos de programa\avira_antivir_personal_en.exe [2009/11/15 12:17:30 | 003,309,072 | ---- | M] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe [2010/08/07 14:27:22 | 001,801,933 | ---- | M] () -- C:\Archivos de programa\usbdrven.exe [2009/08/30 12:42:04 | 033,952,648 | ---- | M] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe [2009/11/14 09:45:23 | 000,210,416 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 
23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/20 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll [2004/08/20 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) 
MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/20 12:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2004/08/20 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll [2004/08/20 12:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004/08/20 12:00:00 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=5D5C9CC377A70D036816E7EA55F3CA73 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ERDNT\cache\user32.dll [2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/14 
06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2004/08/20 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe [2004/08/20 12:00:00 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/06/17 20:47:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/06/17 20:47:04 | 000,643,072 | ---- | M] () -- 
C:\WINDOWS\System32\config\software.sav [2008/06/17 20:47:04 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2010/02/08 12:58:34 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Richard\default.pls [2008/07/20 16:21:31 | 000,000,077 | -HS- | M] () -- C:\Documents and Settings\Richard\Desktop.ini [2011/12/16 12:24:30 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Richard\ntuser.dat [2011/12/16 14:13:24 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Richard\ntuser.dat.LOG [2011/12/16 12:24:30 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011/03/03 13:53:03 | 001,858,048 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
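An added note on the `< MD5 for: ... >` sections of the OTL log above, with example code that is not part of the original post and not part of OTL. Those sections list every copy of a core system file the tool finds. The check that matters is whether the copy Windows actually loads (system32, system32\drivers, C:\WINDOWS\explorer.exe) carries the same hash as the service-pack reference copy under ServicePackFiles\i386 or system32\dllcache. The $NtServicePackUninstall$ and ReinstallBackups copies are pre-SP3 versions and legitimately differ, and ERDNT\cache is treated here as a backup rather than a reference, so none of those are reported as mismatches. In the log above every live copy matches its reference. The script embeds an excerpt of those lines and adds one constructed NOTEPAD.EXE section with made-up hashes so that the mismatch path is exercised; that section is not data from the thread.

```python
import re
from collections import defaultdict

# Excerpt of the "< MD5 for: ... >" sections from the OTL log posted above.
# The NOTEPAD.EXE section at the end is CONSTRUCTED for this example with
# made-up hashes; it is not from the page.
OTL_MD5_EXCERPT = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXPLORER.EXE >
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: NOTEPAD.EXE >
[2008/04/14 06:48:58 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\notepad.exe
[2011/12/01 00:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\notepad.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")

# Where the canonical copy lives (Windows File Protection / service pack store).
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
# Old or tool-made copies that are allowed to differ from the live file.
BACKUP_DIRS = ("\\$ntservicepackuninstall$\\", "\\reinstallbackups\\", "\\erdnt\\")


def classify(path):
    """Return 'reference', 'backup' or 'live' for one file path."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in BACKUP_DIRS):
        return "backup"
    return "live"


def parse_md5_sections(text):
    """Map section name (lower-case file name) -> list of (path, md5)."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            continue
        m = ENTRY_RE.search(line)
        if m and current:
            sections[current].append((m.group(2).strip(), m.group(1).upper()))
    return sections


def check_consistency(text):
    """Map each live path -> 'ok', 'MISMATCH' or 'no-reference'."""
    findings = {}
    for _name, entries in parse_md5_sections(text).items():
        reference = {h for p, h in entries if classify(p) == "reference"}
        for path, h in entries:
            if classify(path) != "live":
                continue
            if not reference:
                findings[path] = "no-reference"
            elif h in reference:
                findings[path] = "ok"
            else:
                findings[path] = "MISMATCH"
    return findings


if __name__ == "__main__":
    for path, status in check_consistency(OTL_MD5_EXCERPT).items():
        print(f"{status:12} {path}")
```

A live copy with a hash that appears nowhere in the reference store is what a patched driver or binary looks like in this kind of log; a live copy whose hash matches only a pre-service-pack backup means the update was rolled back, which is also worth a look.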
16.12.2011, 15:31 | #23 |
/// Malware-holic | On login: ZoneAlarm message about a network with a different IP? Start > Run > msconfig, Startup tab: untick everything except Avira (avgnt), MobileBroadband and ZoneAlarm. Click OK and restart the PC. That is also why we will look for rootkits in a moment, but run this first.
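The allowlist from the post above (avgnt, MobileBroadband, ZoneAlarm) can also be applied offline to an export of the Run keys that msconfig's Startup tab reads, for example `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run run.reg`. The script below is an added example, not part of the post and not part of any tool named in the thread: it parses a .reg file, decodes REG_SZ escaping, and reports every entry whose name or executable is not on the allowlist. The export embedded in it is constructed for the example; the IE-Helper entries stand in for the unexplained autostart items mentioned earlier in the thread and their paths are invented placeholders, not data from this thread.

```python
import re

# Tokens from the post above; matched case-insensitively against the value
# name and the executable's file name.
ALLOWLIST = ("avgnt", "mobilebroadband", "zonealarm")

# CONSTRUCTED .reg export in the shape produced by "reg export". The IE-Helper
# paths are invented placeholders for this example, not data from the thread.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Archivos de programa\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\\Archivos de programa\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"IE-Helper"="C:\\WINDOWS\\system32\\iehelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="C:\\Archivos de programa\\Vodafone\\Vodafone Mobile Broadband\\Bin\\MobileBroadband.exe"
"IE-Helper"="C:\\Documents and Settings\\Richard\\Datos de programa\\iehelper.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" with REG_SZ escapes (\\ and \") allowed inside both strings.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Executable part of a command line: optionally quoted path ending in .exe.
EXE_RE = re.compile(r'^"?(.*?\.exe)"?(?:\s|$)', re.IGNORECASE)


def reg_unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return a list of {key, name, command, exe} for every string value."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = reg_unescape(m.group(1))
            cmd = reg_unescape(m.group(2))
            exe = EXE_RE.match(cmd)
            entries.append({
                "key": key,
                "name": name,
                "command": cmd,
                "exe": exe.group(1) if exe else cmd,
            })
    return entries


def is_allowed(entry, allowlist=ALLOWLIST):
    """True if the value name or the executable's file name carries an allowlist token."""
    hay = (entry["name"] + " " + entry["exe"].rsplit("\\", 1)[-1]).lower()
    return any(token in hay for token in allowlist)


def suspects(entries, allowlist=ALLOWLIST):
    """Entries that should be disabled (or investigated) under the allowlist."""
    return [e for e in entries if not is_allowed(e, allowlist)]


if __name__ == "__main__":
    for e in suspects(parse_reg_export(REG_EXPORT)):
        print(f"NOT ALLOWED  {e['key']}  {e['name']!r} -> {e['exe']}")
```

Running the same export again after the reboot shows whether a disabled entry was re-created, which is the symptom reported earlier in the thread; an entry that comes back on every boot points at a process that rewrites the key, so the binary behind the returning value is the next thing to look at.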
16.12.2011, 15:35 | #24 |
| On login: ZoneAlarm message about a network with a different IP? In the second-to-last tab, right? ZoneAlarm isn't listed there, though. |
16.12.2011, 15:40 | #25 |
| On login: ZoneAlarm message about a network with a different IP? ... just to be sure: mine is in Spanish .. "Inicio" should be the Startup tab .. |
16.12.2011, 15:49 | #26 |
| On login: ZoneAlarm message about a network with a different IP? OK .. back again |
16.12.2011, 15:56 | #27 |
/// Malware-holic | On login: ZoneAlarm message about a network with a different IP? Sorry, I don't speak Spanish :-) http://www.chip.de/downloads/Rootkit..._21701698.html Please download Rootkit Unhooker; if a warning appears, click OK, then disable all programs. Go to the Report tab, then Scan, and enable everything. Make sure C: is ticked, then click OK and don't use the PC while the scan runs. At the end, once the scan has finished: File --> Save Report, save it and attach it here.
16.12.2011, 16:44 | #28 |
| On login: ZoneAlarm message about a network with a different IP?
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.501
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort  Actual Address 0xA87632F4  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile  Actual Address 0xA875D5CA  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey  Actual Address 0xBA7C5E3E  Hooked by: Unknown module filename
NtCreatePort  Actual Address 0xA8763A80  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateThread  Actual Address 0xBA7C5E34  Hooked by: Unknown module filename
NtCreateWaitablePort  Actual Address 0xA8763BB6  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile  Actual Address 0xA875E1E0  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey  Actual Address 0xBA7C5E43  Hooked by: Unknown module filename
NtDeleteValueKey  Actual Address 0xBA7C5E4D  Hooked by: Unknown module filename
NtLoadKey  Actual Address 0xBA7C5E52  Hooked by: Unknown module filename
NtLoadKey2  Actual Address 0xA877E99C  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile  Actual Address 0xA875DDF2  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess  Actual Address 0xBA7C5E20  Hooked by: Unknown module filename
NtOpenThread  Actual Address 0xBA7C5E25  Hooked by: Unknown module filename
NtRenameKey  Actual Address 0xA877F72A  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey  Actual Address 0xBA7C5E5C  Hooked by: Unknown module filename
NtRequestWaitReplyPort  Actual Address 0xA8762EC4  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey  Actual Address 0xBA7C5E57  Hooked by: Unknown module filename
NtSetInformationFile  Actual Address 0xA875E5A4  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetSecurityObject  Actual Address 0xA877FC6A  Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey  Actual Address 0xBA7C5E48  Hooked by: Unknown module filename
NtTerminateProcess  Actual Address 0xBA7C5E2F  Hooked by: Unknown module filename
==============================================
>Shadow
==============================================
>Processes
Process: System  Process Id: 4  EPROCESS Address: 0x89E32A00
Process: C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe  Process Id: 220  EPROCESS Address: 0x89BE1788
Process: C:\WINDOWS\system32\spoolsv.exe  Process Id: 372  EPROCESS Address: 0x89856B70
Process: C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe  Process Id: 424  EPROCESS Address: 0x89853518
Process: C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe  Process Id: 432  EPROCESS Address: 0x898A5748
Process: C:\WINDOWS\system32\smss.exe  Process Id: 892  EPROCESS Address: 0x899C2278
Process: C:\WINDOWS\explorer.exe  Process Id: 940  EPROCESS Address: 0x8861D380
Process: C:\WINDOWS\system32\csrss.exe  Process Id: 1012  EPROCESS Address: 0x89999380
Process: C:\WINDOWS\system32\winlogon.exe  Process Id: 1052  EPROCESS Address: 0x899E84F0
Process: C:\WINDOWS\system32\services.exe  Process Id: 1096  EPROCESS Address: 0x899942C0
Process: C:\Archivos de programa\WinRAR\WinRAR.exe  Process Id: 1100  EPROCESS Address: 0x87F49938
Process: C:\WINDOWS\system32\lsass.exe  Process Id: 1108  EPROCESS Address: 0x89997DA0
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1308  EPROCESS Address: 0x89988BA0
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1316  EPROCESS Address: 0x8857CAE8
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1412  EPROCESS Address: 0x898E5A08
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1452  EPROCESS Address: 0x89892480
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1492  EPROCESS Address: 0x898F3C30
Process: C:\Archivos de programa\HitmanPro\hmpsched.exe  Process Id: 1536  EPROCESS Address: 0x89AF22E8
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1580  EPROCESS Address: 0x899EDC30
Process: C:\WINDOWS\system32\CTSVCCDA.EXE  Process Id: 1644  EPROCESS Address: 0x886059A0
Process: C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe  Process Id: 1676  EPROCESS Address: 0x88400DA0
Process: C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe  Process Id: 1708  EPROCESS Address: 0x8984E638
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1732  EPROCESS Address: 0x89989600
Process: C:\WINDOWS\system32\wuauclt.exe  Process Id: 1860  EPROCESS Address: 0x89D4CA90
Process: C:\Archivos de programa\Java\jre6\bin\jqs.exe  Process Id: 1996  EPROCESS Address: 0x885B6B90
Process: C:\WINDOWS\system32\TUProgSt.exe  Process Id: 2064  EPROCESS Address: 0x88B9CBA0
Process: C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe  Process Id: 2240  EPROCESS Address: 0x898E04B8
Process: C:\WINDOWS\system32\wbem\wmiapsrv.exe  Process Id: 2904  EPROCESS Address: 0x885F4388
Process: C:\WINDOWS\system32\alg.exe  Process Id: 3060  EPROCESS Address: 0x884D8B00
Process: C:\Documents and Settings\Richard\Escritorio\RkUnhooker\px4F2p1K.exe  Process Id: 2440  EPROCESS Address: 0x883E0020
==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys  Address: 0xB8EEF000  Size: 5857280 bytes
Driver: C:\WINDOWS\System32\igxpdx32.DLL  Address: 0xBF1E7000  Size: 2699264 bytes
Driver: C:\WINDOWS\system32\ntkrnlpa.exe  Address: 0x804D7000  Size: 2158592 bytes
Driver: PnpManager  Address: 0x804D7000  Size: 2158592 bytes
Driver: RAW  Address: 0x804D7000  Size: 2158592 bytes
Driver: WMIxWDM  Address: 0x804D7000  Size: 2158592 bytes
Driver: Win32k  Address: 0xBF800000  Size: 1859584 bytes
Driver: C:\WINDOWS\System32\win32k.sys  Address: 0xBF800000  Size: 1859584 bytes
Driver: C:\WINDOWS\System32\igxpdv32.DLL  Address: 0xBF04F000  Size: 1671168 bytes
Driver: C:\WINDOWS\system32\drivers\p17xfilt.sys  Address: 0xB8B04000  Size: 1667072 bytes
Driver: C:\WINDOWS\system32\drivers\P17xfi.sys  Address: 0xB8D3B000  Size: 1449984 bytes
Driver: Ntfs.sys  Address: 0xB9E47000  Size: 577536 bytes
Driver: C:\WINDOWS\System32\vsdatant.sys  Address: 0xA8742000  Size: 520192 bytes
Driver: C:\WINDOWS\System32\Drivers\wdf01000.sys  Address: 0xB89F0000  Size: 507904 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys  Address: 0xA8663000  Size: 458752 bytes
Driver: C:\WINDOWS\system32\DRIVERS\update.sys  Address: 0xB8A7E000  Size: 385024 bytes
Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys  Address: 0xA8837000  Size: 364544 bytes
Driver: C:\WINDOWS\system32\DRIVERS\srv.sys  Address: 0xA7B7D000  Size: 360448 bytes
Driver: C:\WINDOWS\System32\ATMFD.DLL  Address: 0xBF47A000  Size: 290816 bytes
Driver: C:\WINDOWS\System32\Drivers\HTTP.sys  Address: 0xA775B000  Size: 266240 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys  Address: 0xB8CC2000  Size: 204800 bytes
Driver: ACPI.sys  Address: 0xB9F78000  Size: 192512 bytes
Driver: NDIS.sys  Address: 0xB9E1A000  Size: 184320 bytes
Driver: C:\WINDOWS\System32\igxpgd32.dll  Address: 0xBF024000  Size: 176128 bytes
Driver: C:\WINDOWS\system32\drivers\kmixer.sys  Address: 0xA71FE000  Size: 176128 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys  Address: 0xA86D3000  Size: 176128 bytes
Driver: C:\WINDOWS\system32\drivers\ctusfsyn.sys  Address: 0xA7F9D000  Size: 163840 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys  Address: 0xA87E7000  Size: 163840 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys  Address: 0xB8C9B000  Size: 159744 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys  Address: 0xA87C1000  Size: 155648 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys  Address: 0xB8D17000  Size: 147456 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS  Address: 0xB8E9D000  Size: 147456 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys  Address: 0xB8CF4000  Size: 143360 bytes
Driver: C:\WINDOWS\System32\drivers\afd.sys  Address: 0xA8720000  Size: 139264 bytes
Driver: C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys  Address: 0xA86FE000  Size: 139264 bytes
Driver: ACPI_HAL  Address: 0x806E6000  Size: 134400 bytes
Driver: C:\WINDOWS\system32\hal.dll  Address: 0x806E6000  Size: 134400 bytes
Driver: fltmgr.sys  Address: 0xB9F10000  Size: 131072 bytes
Driver: ftdisk.sys  Address: 0xB9F48000  Size: 126976 bytes
Driver: C:\WINDOWS\system32\DRIVERS\avipbb.sys  Address: 0xA8592000  Size: 114688 bytes
Driver: Mup.sys  Address: 0xB9E00000  Size: 106496 bytes
Driver: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys  Address: 0xB8EC1000  Size: 106496 bytes
Driver: atapi.sys  Address: 0xB9F30000  Size: 98304 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys  Address: 0xA8552000  Size: 98304 bytes
Driver: KSecDD.sys  Address: 0xB9EE7000  Size: 94208 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys  Address: 0xB8AED000  Size: 94208 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys  Address: 0xA8370000  Size: 90112 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys  Address: 0xA864E000  Size: 86016 bytes
Driver: C:\WINDOWS\system32\drivers\wdmaud.sys  Address: 0xA8013000  Size: 86016 bytes
Driver: C:\WINDOWS\system32\DRIVERS\avgntflt.sys  Address: 0xA83FE000  Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS  Address: 0xB8EDB000  Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys  Address: 0xA8890000  Size: 77824 bytes
Driver: WudfPf.sys  Address: 0xB9ED4000  Size: 77824 bytes
Driver: C:\WINDOWS\System32\drivers\dxg.sys  Address: 0xBF000000  Size: 73728 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys  Address: 0xB8A6C000  Size: 73728 bytes
Driver: C:\WINDOWS\System32\igxprd32.dll  Address: 0xBF012000  Size: 73728 bytes
Driver: sr.sys  Address: 0xB9EFE000  Size: 73728 bytes
Driver: pci.sys  Address: 0xB9F67000  Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\psched.sys  Address: 0xB8ADC000  Size: 69632 bytes
Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS  Address: 0xBA2E8000  Size: 65536 bytes
Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys  Address: 0xBA1D8000  Size: 65536 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys  Address: 0xA85AE000  Size: 65536 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys  Address: 0xBA1A8000  Size: 61440 bytes
Driver: Lbd.sys  Address: 0xBA0F8000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys  Address: 0xBA1E8000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\sysaudio.sys  Address: 0xA84A2000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys  Address: 0xBA278000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys  Address: 0xBA1B8000  Size: 57344 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys  Address: 0xA7C8D000  Size: 57344 bytes
Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS  Address: 0xBA0E8000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys  Address: 0xBA2B8000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys  Address: 0xBA1F8000  Size: 53248 bytes
Driver: VolSnap.sys  Address: 0xBA0C8000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS  Address: 0xBA248000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys  Address: 0xBA218000  Size: 49152 bytes
Driver: C:\WINDOWS\System32\Drivers\Fips.SYS  Address: 0xBA2A8000  Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys  Address: 0xBA1C8000  Size: 45056 bytes
Driver: MountMgr.sys  Address: 0xBA0B8000  Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys  Address: 0xBA208000  Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys  Address: 0xBA198000  Size: 40960 bytes
Driver: isapnp.sys  Address: 0xBA0A8000  Size: 40960 bytes
Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS  Address: 0xBA258000  Size: 40960 bytes
Driver: PxHelp20.sys  Address: 0xBA108000  Size: 40960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys  Address: 0xBA238000  Size: 40960 bytes
Driver: disk.sys  Address: 0xBA0D8000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys  Address: 0xBA228000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys  Address: 0xBA298000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys  Address: 0xBA288000  Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Modem.SYS  Address: 0xBA370000  Size: 32768 bytes
Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS  Address: 0xBA498000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys  Address: 0xBA4B0000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys  Address: 0xBA440000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys  Address: 0xBA378000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys  Address: 0xBA448000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS  Address: 0xBA328000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS  Address: 0xBA340000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys  Address: 0xBA450000  Size: 24576 bytes
Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS  Address: 0xBA380000  Size: 24576 bytes
Driver: C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS  Address: 0xBA4A8000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys  Address: 0xBA4A0000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys  Address: 0xBA438000  Size: 24576 bytes
Driver: C:\WINDOWS\System32\drivers\vga.sys  Address: 0xBA488000  Size: 24576 bytes
Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS  Address: 0xBA490000  Size: 20480 bytes
Driver: PartMgr.sys  Address: 0xBA330000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys  Address: 0xBA460000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys  Address: 0xBA468000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS  Address: 0xBA458000  Size: 20480 bytes
Driver: C:\WINDOWS\System32\watchdog.sys  Address: 0xBA390000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys  Address: 0xBA59C000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys  Address: 0xA83FA000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\BOOTVID.dll  Address: 0xBA4B8000  Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\Dxapi.sys  Address: 0xBA580000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys  Address: 0xBA558000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys  Address: 0xBA588000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys  Address: 0xB9DC0000  Size: 12288 bytes
Driver: C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys  Address: 0xBA5D4000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Beep.SYS  Address: 0xBA5CC000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS  Address: 0xBA5DA000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS  Address: 0xBA5CA000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\KDCOM.DLL  Address: 0xBA5A8000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS  Address: 0xBA5CE000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys  Address: 0xBA5D0000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys  Address: 0xBA5C6000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS  Address: 0xBA5C8000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS  Address: 0xBA5AA000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys  Address: 0xBA6BA000  Size: 4096 bytes
Driver: C:\WINDOWS\System32\drivers\dxgthk.sys  Address: 0xBA6F4000  Size: 4096 bytes
Driver: C:\WINDOWS\System32\Drivers\Null.SYS  Address: 0xBA7C3000  Size: 4096 bytes
Driver: pciide.sys  Address: 0xBA670000  Size: 4096 bytes
==============================================
>Stealth
==============================================
>Files
Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\History.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Music.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SetPath.bat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SysPath.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat  Status: Hidden
Suspect File: C:\Qoobox\BackEnv\VikPev00  Status: Hidden
==============================================
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xA8876428 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xA8876460 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA28DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBA28DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA28DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA28DB28 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
|
16.12.2011, 16:45 | #29 |
| On login: ZoneAlarm message about a network with a different IP? .. should I click "unhook all"? |
16.12.2011, 16:49 | #30 |
| On login: ZoneAlarm message about a network with a different IP?
>SSDT State
NtConnectPort Actual Address 0xA87632F4 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile Actual Address 0xA875D5CA Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey Actual Address 0xBA7C5E3E Hooked by: Unknown module filename
NtCreatePort Actual Address 0xA8763A80 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateThread Actual Address 0xBA7C5E34 Hooked by: Unknown module filename
NtCreateWaitablePort Actual Address 0xA8763BB6 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile Actual Address 0xA875E1E0 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey Actual Address 0xBA7C5E43 Hooked by: Unknown module filename
NtDeleteValueKey Actual Address 0xBA7C5E4D Hooked by: Unknown module filename
NtLoadKey Actual Address 0xBA7C5E52 Hooked by: Unknown module filename
NtLoadKey2 Actual Address 0xA877E99C Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile Actual Address 0xA875DDF2 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess Actual Address 0xBA7C5E20 Hooked by: Unknown module filename
NtOpenThread Actual Address 0xBA7C5E25 Hooked by: Unknown module filename
NtRenameKey Actual Address 0xA877F72A Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey Actual Address 0xBA7C5E5C Hooked by: Unknown module filename
NtRequestWaitReplyPort Actual Address 0xA8762EC4 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey Actual Address 0xBA7C5E57 Hooked by: Unknown module filename
NtSetInformationFile Actual Address 0xA875E5A4 Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetSecurityObject Actual Address 0xA877FC6A Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey Actual Address 0xBA7C5E48 Hooked by: Unknown module filename
NtTerminateProcess Actual Address 0xBA7C5E2F Hooked by: Unknown module filename
>Shadow
>Processes
>Drivers
>Stealth
>Files
Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\History.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Music.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SysPath.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\VikPev00 Status: Hidden
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xA8876428 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xA8876460 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA28DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBA28DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA28DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA28DB28 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!
=) the last sentence seems a bit worrying somehow - can that really be the case.. |
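The SSDT and IAT listings in the two log posts above are the part a practitioner actually has to read: which module owns each hook, and whether the entries the tool reports as "Unknown module filename" can be tied to a loaded driver by address. The script below is an added example written for this page, not output or code from the tool or from anyone in the thread. It parses lines in the format shown in the posts (the "Driver: ... Address: ... Size:" list, the ">SSDT State" entries and the ">Hooks" IAT entries), buckets every hook by its handler, and for "unknown" SSDT hooks checks whether the handler address falls inside any listed driver's image range. Assumptions, flagged in the comments: the log has already been broken into one entry per line; the sample lines are a constructed subset of the posted log; and the analyst has chosen to treat vsdatant.sys (attributed here to the ZoneAlarm firewall named in the thread title) as a trusted hooking module. That trust decision is the analyst's input, not something the script derives.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the log lines posted in the thread, one entry per line.
SAMPLE_LOG = r"""Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS Address: 0xBA380000 Size: 24576 bytes
Driver: C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys Address: 0xBA5D4000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xBA7C3000 Size: 4096 bytes
Driver: pciide.sys Address: 0xBA670000 Size: 4096 bytes
>SSDT State
NtCreateFile Actual Address 0xA875D5CA Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey Actual Address 0xBA7C5E3E Hooked by: Unknown module filename
NtOpenProcess Actual Address 0xBA7C5E20 Hooked by: Unknown module filename
NtTerminateProcess Actual Address 0xBA7C5E2F Hooked by: Unknown module filename
>Hooks
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
"""

DRIVER_RE = re.compile(r"^Driver:\s+(?P<path>.+?)\s+Address:\s+0x(?P<base>[0-9A-Fa-f]+)\s+Size:\s+(?P<size>\d+)\s+bytes")
SSDT_RE = re.compile(r"^(?P<func>Nt\w+)\s+Actual Address\s+0x(?P<addr>[0-9A-Fa-f]+)\s+Hooked by:\s+(?P<handler>.+?)\s*$")
IAT_RE = re.compile(r"^(?P<target>\S+?)-->(?P<module>\S+?)-->(?P<func>\w+),\s+Type:\s+IAT modification at address\s+0x(?P<addr>[0-9A-Fa-f]+)\s+hook handler located in\s+\[(?P<handler>[^\]]+)\]")
UNKNOWN = "Unknown module filename"   # the tool's marker for an unattributed handler


@dataclass(frozen=True)
class Driver:
    path: str
    base: int
    size: int

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Hook:
    kind: str      # "SSDT" or "IAT"
    target: str    # hooked system service, or importer-->module-->import for IAT
    address: int   # SSDT: address of the handler; IAT: address of the patched import slot
    handler: str   # module the tool attributes the hook to, or UNKNOWN


def parse_log(text: str):
    """Pull the driver list and both hook listings out of one-entry-per-line log text."""
    drivers, hooks = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := DRIVER_RE.match(line):
            drivers.append(Driver(m["path"], int(m["base"], 16), int(m["size"])))
        elif m := SSDT_RE.match(line):
            hooks.append(Hook("SSDT", m["func"], int(m["addr"], 16), m["handler"]))
        elif m := IAT_RE.match(line):
            target = f"{m['target']}-->{m['module']}-->{m['func']}"
            hooks.append(Hook("IAT", target, int(m["addr"], 16), m["handler"]))
    return drivers, hooks


def resolve_driver(addr: int, drivers) -> Optional[Driver]:
    """Map a kernel address to the listed driver whose image range covers it, if any."""
    return next((d for d in drivers if d.contains(addr)), None)


def triage(drivers, hooks, trusted):
    """Bucket hooks: 'trusted' (handler on the analyst's list), 'review' (named handler
    not on the list), 'resolved' (tool said unknown, but the handler address lies inside
    a listed driver), 'unresolved' (unknown and outside every listed driver)."""
    trusted = {t.lower() for t in trusted}
    out = {"trusted": [], "review": [], "resolved": [], "unresolved": []}
    for h in hooks:
        name = h.handler.rsplit("\\", 1)[-1].lower()
        if h.handler != UNKNOWN:
            out["trusted" if name in trusted else "review"].append((h, name))
        elif h.kind == "SSDT" and (d := resolve_driver(h.address, drivers)):
            out["resolved"].append((h, d.name))   # only SSDT entries carry a handler address
        else:
            out["unresolved"].append((h, None))
    return out


def unresolved_span(report):
    """Lowest and highest handler address among unresolved hooks. Handlers that sit
    within a few hundred bytes of each other almost always belong to a single module."""
    addrs = [h.address for h, _ in report["unresolved"]]
    return (min(addrs), max(addrs)) if addrs else None


if __name__ == "__main__":
    drivers, hooks = parse_log(SAMPLE_LOG)
    # Assumption: the analyst has attributed vsdatant.sys to the ZoneAlarm firewall
    # named in the thread title and chooses to trust it; nothing here verifies that.
    report = triage(drivers, hooks, trusted={"vsdatant.sys"})
    for bucket, items in report.items():
        for h, who in items:
            print(f"{bucket:10} {h.kind:4} {h.target:50} 0x{h.address:08X} {who or h.handler}")
    if span := unresolved_span(report):
        print(f"unresolved handlers span 0x{span[0]:08X}..0x{span[1]:08X} "
              f"({span[1] - span[0]} bytes apart); no listed driver covers them")
```

Two points of the log format drive the design. The "Actual Address" of an SSDT entry is the address of the hook handler itself, so it can be matched against the Driver: base/size table; the address in an IAT line is the patched import slot inside the importing module, not the handler, so IAT entries can only be bucketed by the handler name the tool reports. On the constructed sample the three unknown SSDT handlers lie within 0x1E bytes of each other and outside every listed driver, which tells the analyst that attribution needs the complete driver list (the posted excerpt omits the larger drivers listed earlier in the thread) rather than that the hooks are malicious.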