Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Facebook account locked - unknown access from Japan | Windows 7
If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
07.02.2012, 17:26 | #1
Facebook account locked - unknown access from Japan
Hello Trojaner-Board,
I have a problem, because unfortunately I have no idea what is going on. Around noon today Facebook sent me a notice that my Facebook account had been temporarily locked because of unknown access from Japan. Of course I knew that was not me. So I changed the password. Now I am wondering whether I have a Trojan. I suspect it may also be connected to the fact that I recently connected an external hard drive and picked up a virus from it. But I can't judge that myself, please help me :-). Here are the DDS files too... I really need help, otherwise I'll get into real trouble. :-(
12.02.2012, 14:59 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - unknown access from Japan
Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! All findings must be removed as well. If logs from older Malwarebytes scans exist, please post all of those too!
ESET Online Scanner
Please post everything in CODE tags where possible. It is done like this:
[code] the log goes here [/code]
And it then looks like this:
Code:
the log goes here
14.02.2012, 22:53 | #3
Facebook account locked - unknown access from Japan
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e02baab5d846364e9df8c061623e007e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-14 09:25:03
# local_time=2012-02-14 10:25:03 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 13856466 13856466 0 0
# compatibility_mode=8192 67108863 100 0 3767 3767 0 0
# scanned=70306
# found=2
# cleaned=0
# scan_time=4569
C:\Documents and Settings\Und so halt\Desktop\Sirius MT2\metin2client_Sirius_MT2.bin	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Und so halt\My Documents\Downloads\SoftonicDownloader_fuer_simple-webcam-capture.exe	Win32/SoftonicDownloader.C application (unable to clean)	00000000000000000000000000000000	I
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.02.2012 20:18:15
mbam-log-2012-02-14 (20-18-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 224449
Time elapsed: 1 hour(s), 22 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\splash.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.12.2010 19:11:24
mbam-log-2010-12-22 (19-11-24).txt

Scan type: Quick scan
Objects scanned: 126
Time elapsed: 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.12.2010 15:51:18
mbam-log-2010-12-09 (15-51-18).txt

Scan type: Quick scan
Objects scanned: 8197
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.12.2010 22:17:59
mbam-log-2010-12-08 (22-17-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 8843
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.11.2010 17:20:23
mbam-log-2010-11-29 (17-20-23).txt

Scan type: Quick scan
Objects scanned: 9206
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I hope I did everything right.
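The helper's instruction above is that every finding must be removed, and the two scanners in post #3 report differently: ESET's header says found=2, cleaned=0 and marks both items "(unable to clean)", while Malwarebytes reports its one file as quarantined. The following is an added example (not code from the thread, from ESET or from Malwarebytes) that parses both log formats and lists what is still open. It assumes ESET writes its detection lines tab-separated (path, threat, hash, flag), as the forum copy above lost the tabs, and it accepts both the German MBAM labels of the poster's build ("Infizierte Dateien") and the English ones ("Files Infected"). The sample logs inside the block are constructed from the ones posted above.

```python
"""Parse the ESET Online Scanner and MBAM 1.x logs and list uncleaned findings.

Added example for this thread, not code from ESET or Malwarebytes.
"""
import re

# MBAM 1.x summary counters; German builds (as posted here) and English builds
# write different label text for the same counter.
MBAM_COUNTERS = {
    "Infizierte Speicherprozesse": "memory_processes_infected",
    "Memory Processes Infected": "memory_processes_infected",
    "Infizierte Registrierungsschlüssel": "registry_keys_infected",
    "Registry Keys Infected": "registry_keys_infected",
    "Infizierte Dateien": "files_infected",
    "Files Infected": "files_infected",
}
# Action texts MBAM writes when a finding was actually removed.
MBAM_CLEANED_ACTIONS = ("Quarantined and deleted successfully",
                        "Erfolgreich gelöscht und in Quarantäne gestellt")
MBAM_DETECTION = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
ESET_HEADER = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")


def parse_eset(text):
    """Return (header dict, findings list) from an ESET Online Scanner log."""
    header, findings = {}, []
    for line in text.splitlines():
        m = ESET_HEADER.match(line.rstrip())
        if m:
            header[m["key"]] = m["value"]
            continue
        fields = line.split("\t")          # detection lines are tab separated
        if len(fields) < 2:
            continue                       # banner lines such as "all ok"
        path, threat = fields[0], fields[1]
        # ESET appends the action in parentheses: "(unable to clean)", "(cleaned by deleting ...)"
        action = threat[threat.rfind("(") + 1:threat.rfind(")")] if "(" in threat else ""
        findings.append({"scanner": "ESET", "path": path, "threat": threat,
                         "action": action, "cleaned": action.startswith("cleaned")})
    return header, findings


def parse_mbam(text):
    """Return (counters dict, findings list) from an MBAM 1.x log, German or English."""
    counters, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = MBAM_DETECTION.match(line)
        if m:
            findings.append({"scanner": "MBAM", "path": m["path"], "threat": m["threat"],
                             "action": m["action"],
                             "cleaned": m["action"].startswith(MBAM_CLEANED_ACTIONS)})
            continue
        label, sep, value = line.partition(":")
        if sep and label in MBAM_COUNTERS and value.strip().isdigit():
            counters[MBAM_COUNTERS[label]] = int(value)
    return counters, findings


def needs_attention(eset_text, mbam_text):
    """Uncleaned findings of both scanners, plus a check of ESET's own counters."""
    header, eset_findings = parse_eset(eset_text)
    counters, mbam_findings = parse_mbam(mbam_text)
    consistent = (int(header.get("found", 0)) == len(eset_findings)
                  and int(header.get("cleaned", 0)) == sum(f["cleaned"] for f in eset_findings))
    return {"leftovers": [f for f in eset_findings + mbam_findings if not f["cleaned"]],
            "eset_consistent": consistent, "mbam_counters": counters}


# Constructed samples modelled on the logs posted above (ESET lines re-tabbed).
ESET_SAMPLE = (
    "ESETSmartInstaller@High as downloader log:\nall ok\n"
    "# version=7\n# end=finished\n# scanned=70306\n# found=2\n# cleaned=0\n# scan_time=4569\n"
    "C:\\Documents and Settings\\Und so halt\\Desktop\\Sirius MT2\\metin2client_Sirius_MT2.bin\t"
    "a variant of Win32/Packed.Themida application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Documents and Settings\\Und so halt\\My Documents\\Downloads\\"
    "SoftonicDownloader_fuer_simple-webcam-capture.exe\t"
    "Win32/SoftonicDownloader.C application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)
MBAM_SAMPLE = """Malwarebytes' Anti-Malware 1.46
Datenbank Version: 5214
Art des Suchlaufs: Vollständiger Suchlauf (C:\\|)
Durchsuchte Objekte: 224449
Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\\splash.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    result = needs_attention(ESET_SAMPLE, MBAM_SAMPLE)
    print("ESET counters consistent with detection lines:", result["eset_consistent"])
    for f in result["leftovers"]:
        print(f"{f['scanner']}: {f['path']} -> {f['threat']} [{f['action']}]")
```

Run on the samples, it reports the two ESET items as leftovers and nothing from MBAM, which is exactly the gap between "found=2" and "cleaned=0" in the posted ESET header; whether those two files are malicious is a separate judgement, the script only tells you which detections nobody has acted on.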
15.02.2012, 10:54 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - unknown access from Japan
Please make a new OTL log.
Please post everything in CODE tags where possible. It is done like this:
[code] the log goes here [/code]
And it then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Logfiles: please always post them in CODE tags
15.02.2012, 12:50 | #5
Facebook account locked - unknown access from Japan
Hello, an extras.txt opened as well; I simply did not paste it in here because you said I should only paste in the OTL.txt.
Code:
OTL logfile created on: 15.02.2012 12:30:21 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Und so halt\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1022,80 Mb Total Physical Memory | 713,84 Mb Available Physical Memory | 69,79% Memory free
2,41 Gb Paging File | 2,19 Gb Available in Paging File | 91,04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,24 Gb Total Space | 9,82 Gb Free Space | 26,36% Space Free | Partition Type: NTFS

Computer Name: CYBERTRON | User Name: Und so halt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.15 12:29:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Und so halt\My Documents\Downloads\OTL.exe
PRC - [2012.01.21 21:43:51 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.7\ICQ.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2002.09.20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.10 21:11:47 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011.11.03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010.07.07 22:52:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010.07.07 22:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012.02.10 21:11:47 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2009.12.16 18:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2002.09.20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011.03.29 16:04:42 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.10.20 14:37:56 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.16 08:20:56 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2010.10.11 12:41:37 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.05.09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007.01.29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004.09.17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004.09.14 10:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2003.11.10 05:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)
DRV - [2003.09.26 15:40:28 | 000,051,584 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)
DRV - [2002.05.02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031778
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

[2011.04.16 17:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Und so halt\Application Data\Mozilla\Extensions
[2010.06.11 16:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Und so halt\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011.04.10 11:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.30 16:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.21 11:04:40 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-220523388-1770027372-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-220523388-1770027372-725345543-1004..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015448937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.2 10.0.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D84F6D-B048-450D-84AB-A0AD6B8B70A4}: DhcpNameServer = 10.0.1.2 10.0.1.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Und so halt\My Documents\My Pictures\winter-by-space.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Und so halt\My Documents\My Pictures\winter-by-space.bmp
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2010.04.11 14:32:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Documents and Settings\Und so halt\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation) Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation) Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 21:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.12 18:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DOSBox [2012.02.02 16:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SFT_de3 [2012.01.31 21:42:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Und so halt\Recent [2012.01.28 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Start Menu\Programs\Westwood [2012.01.28 18:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Westwood [2012.01.28 17:56:00 | 000,000,000 | ---D | C] -- C:\Westwood [2012.01.25 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.01.25 22:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\SFT_de3 [2012.01.25 22:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\ConduitEngine [2012.01.25 22:09:56 | 000,000,000 | ---D | 
C] -- C:\Program Files\ConduitEngine [2012.01.25 22:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Conduit [2012.01.25 22:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Temp [2012.01.25 22:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3 [2012.01.25 22:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Simple Webcam Capture [2012.01.25 22:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Start Menu\Programs\Simple Webcam Capture [2012.01.25 15:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\Fonts [2012.01.25 15:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\My Documents\New Folder (5) [2012.01.24 21:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\Eternal Legends [2012.01.22 12:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\My Documents\ICQ [2012.01.22 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\LogMeIn Hamachi [2012.01.22 01:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\I wanna be the fangame [2012.01.21 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Clonk Rage [2012.01.21 21:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ICQ7.7 [2012.01.21 21:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Application Data\ICQ [2012.01.21 21:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7 [2012.01.21 20:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Akamai [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.15 12:18:13 | 000,002,206 | ---- | M] () 
-- C:\WINDOWS\System32\wpa.dbl [2012.02.15 12:17:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.02.14 23:03:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-725345543-1003UA.job [2012.02.14 18:03:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-725345543-1003Core.job [2012.02.12 14:31:39 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.09 16:39:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.02.04 14:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.02.02 12:06:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.28 19:10:32 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Yuris Rache.lnk [2012.01.28 18:01:42 | 000,001,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Alarmstufe Rot 2.lnk [2012.01.25 22:09:46 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Simple Webcam Capture.lnk [2012.01.25 22:09:44 | 003,283,968 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\CT3031778_SFT_de3.exe [2012.01.25 22:09:35 | 000,173,546 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\simplecapture-setup.exe [2012.01.25 15:13:15 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.24 21:11:32 | 000,019,899 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Der Erste Auftrag ende + epilog.rtf [2012.01.24 21:08:40 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\New Rich Text Document (2).rtf [2012.01.22 03:05:12 | 000,093,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.01.22 03:05:12 | 000,060,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.22 01:39:17 | 000,000,242 | 
---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\temp [2012.01.22 01:39:17 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\save0 [2012.01.21 22:44:02 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Clonk Rage.lnk [2012.01.21 21:52:53 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk [2012.01.21 21:52:53 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.7.lnk [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 18:25:28 | 000,022,001 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\daggerfall_legal_and_installation.pdf [2012.01.28 19:10:32 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Yuris Rache.lnk [2012.01.28 18:01:42 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Alarmstufe Rot 2.lnk [2012.01.25 22:09:46 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Simple Webcam Capture.lnk [2012.01.25 22:09:34 | 003,283,968 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\CT3031778_SFT_de3.exe [2012.01.25 22:09:34 | 000,173,546 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\simplecapture-setup.exe [2012.01.24 21:11:32 | 000,019,899 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Der Erste Auftrag ende + epilog.rtf [2012.01.24 21:08:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\New Rich Text Document (2).rtf [2012.01.22 01:37:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\temp [2012.01.22 01:37:19 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\save0 [2012.01.21 22:44:02 | 000,000,677 | ---- | C] () -- 
C:\Documents and Settings\Und so halt\Desktop\Clonk Rage.lnk [2012.01.21 21:52:53 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk [2012.01.21 21:52:53 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.7.lnk [2011.10.23 10:11:32 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.16 14:45:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2011.09.28 19:57:47 | 000,069,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011.08.26 23:22:30 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2011.04.26 09:24:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.04.15 20:12:29 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll [2011.04.15 20:12:27 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll [2011.04.07 10:29:26 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\room.dat [2010.11.29 16:40:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.29 07:34:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwpGerman.INI [2010.10.31 14:27:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.10.30 16:16:15 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe [2010.10.19 14:38:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI [2010.10.11 17:54:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.10.11 12:41:37 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.10.11 12:41:37 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.09.22 14:29:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010.09.22 14:29:18 | 
000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010.09.22 14:29:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010.09.22 14:28:04 | 000,037,919 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat [2010.09.19 00:34:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2010.09.18 17:25:25 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.09.18 17:25:23 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.09.18 17:25:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.09.18 16:31:52 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\PnkBstrK.sys [2010.08.09 11:00:35 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2010.08.09 11:00:34 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2010.08.09 11:00:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2010.08.03 14:26:32 | 000,000,401 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2010.07.18 16:10:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2010.07.12 21:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.31 17:01:45 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys [2010.04.23 16:50:15 | 000,052,214 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010.04.13 15:25:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.04.11 16:21:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.04.11 16:16:39 | 000,113,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.04.11 15:35:12 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.04.11 15:25:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll [2010.04.11 14:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.04.11 14:28:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007.05.09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini 
[2004.08.04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002.08.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.08.29 13:00:00 | 000,093,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.08.29 13:00:00 | 000,060,948 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.08.29 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1997.06.14 09:56:08 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2011.08.19 21:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft [2010.10.13 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010.07.18 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite [2010.07.18 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2011.04.06 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios [2011.09.14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2011.08.20 12:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2010.05.27 12:18:58 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\TEMP [2010.10.30 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097} [2010.10.16 17:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software [2011.09.09 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera [2011.09.14 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\.minecraft [2011.04.24 15:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AllVideoDownloader [2010.10.17 18:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AntMe [2010.07.18 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Astroburn Lite [2010.10.30 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Carambis [2012.02.09 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Clonk Rage [2010.07.18 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DAEMON Tools Lite [2010.05.29 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\FOG Downloader [2010.10.16 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Foxit Software [2011.09.07 12:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GetRightToGo [2010.06.04 12:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GrabPro [2011.10.12 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\gtk-2.0 [2010.12.22 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\HLSW [2012.02.13 18:02:40 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\Und so halt\Application Data\ICQ [2010.09.13 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\JonDo [2010.07.17 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\LolClient [2011.01.19 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mumble [2010.06.15 14:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Opera [2010.12.05 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Orbit [2011.10.17 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar [2010.10.18 19:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ScreenSeven [2010.11.17 21:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony [2010.11.17 21:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup [2010.11.07 16:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Stella [2011.10.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Tomb Raider Level Player [2011.09.06 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\TS3Client [2012.02.12 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\uTorrent [2012.02.04 14:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> [2010.10.13 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010.04.14 19:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2010.11.17 21:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010.07.18 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite [2010.11.28 20:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment [2010.07.18 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2011.01.03 11:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX [2011.04.06 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios [2010.10.30 16:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2011.09.14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2010.10.30 13:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010.11.29 17:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.12.09 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2010.10.31 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan [2010.12.05 12:30:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.04.11 15:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation [2010.04.11 18:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2011.08.20 12:07:04 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2010.11.20 12:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010.11.17 21:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation [2010.05.03 16:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.05.27 12:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.10.31 16:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2010.04.11 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2010.10.30 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097} < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010.09.17 21:20:09 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe < %APPDATA%\*. 
> [2011.09.14 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\.minecraft [2010.07.17 18:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Adobe [2011.04.24 15:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AllVideoDownloader [2010.10.17 18:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AntMe [2010.07.18 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Astroburn Lite [2010.10.30 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Carambis [2012.02.09 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Clonk Rage [2010.07.18 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DAEMON Tools Lite [2011.01.02 13:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DivX [2010.05.29 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\FOG Downloader [2010.10.16 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Foxit Software [2011.09.07 12:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GetRightToGo [2010.06.04 12:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GrabPro [2011.10.12 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\gtk-2.0 [2010.11.11 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Help [2010.12.22 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\HLSW [2010.10.30 16:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\hpqLog [2012.02.13 18:02:40 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ICQ [2010.09.13 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\JonDo [2010.07.17 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\LolClient [2010.05.27 17:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Macromedia [2010.11.29 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Malwarebytes [2011.04.26 09:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Microsoft [2011.10.19 18:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mozilla [2011.01.19 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mumble [2010.06.15 14:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Opera [2010.12.05 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Orbit [2011.10.17 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar [2010.10.18 19:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ScreenSeven [2010.09.18 17:01:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Und so halt\Application Data\SecuROM [2011.10.23 00:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Skype [2011.10.22 23:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\skypePM [2010.11.17 21:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony [2010.11.17 21:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup [2010.11.07 16:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application 
Data\Stella
[2010.05.31 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sun
[2012.01.21 21:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\teamspeak2
[2011.10.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Tomb Raider Level Player
[2011.04.30 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\tor
[2011.09.06 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\TS3Client
[2012.02.12 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\uTorrent
[2010.05.29 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\WinRAR
[2011.09.28 19:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft Beta.exe
[2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft Updater.exe
[2010.09.25 10:15:25 | 000,232,159 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft.exe
[2011.09.05 16:43:15 | 000,683,836 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft_Server.exe
[2010.11.17 21:46:26 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2010.11.07 15:31:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.11.07 15:31:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.11.07 15:31:28 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011.10.01 22:46:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.10.04 13:38:51 | 000,704,248 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar\unins000.exe
[2010.03.31 11:17:06 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar\Update.exe
[2010.11.17 21:43:55 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup\A189E68E-2253-4c3b-86B7-D77E36F13C55\QuickTimeInstaller.exe
[2010.11.17 21:40:07 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup\A34E95A5-C379-4746-B607-09AE7B36A102\WMFDist11-WindowsXP-x86-ENU.exe

< %SYSTEMDRIVE%\*.exe >
[2005.09.16 20:04:38 | 024,850,432 | ---- | M] (Lionhead) -- C:\Fable.exe

< MD5 for: AGP440.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004.08.03 23:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

< MD5 for: USERINIT.EXE >
[2004.08.03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIASRAID.SYS >
[2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\OemDir\viasraid.sys
[2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.29 16:04:42 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.04.11 16:15:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.04.11 16:15:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.04.11 16:15:31 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report > |
15.02.2012, 13:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - Unknown access from Japan Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3031778
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2010.08.21 11:04:40 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ --> Facebook account locked - Unknown access from Japan |
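To show what the helper is looking for when turning OTL output into a fix like the one above, here is an added triage script; it is my own example, not code from the thread or from OTL. It reads lines in OTL's format and flags the classes of entry the script above removes; the sample lines are copied from the thread's own output plus one constructed benign BHO line, and the category names and the "conduit" marker list are my assumptions.

```python
"""Triage of OTL (OldTimer ListIt) log lines.

Added example, not code from the thread or from OTL. It scans lines in the
format OTL prints and flags the classes of entry the fix script above removed:
Internet Explorer proxy values pointing at a loopback port, a start page or
BHO/toolbar tied to a marker vendor, plugin registrations whose file is gone,
toolbar entries with no CLSID behind them, and alternate data streams.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the thread's OTL output, plus one constructed
# benign BHO line (fake CLSID and vendor) so the filter has something to pass.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3031778
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Example Benign Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Vendor)
O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE
"""

# Assumed markers: substrings (matched case-insensitively) that identify the
# toolbar family the thread's fix removed. Extend for your own triage.
UNWANTED_MARKERS = ("conduit",)

PROXY_RE = re.compile(r'^IE - .*?"(?P<name>Proxy\w+)" = (?P<value>.*)$')
START_RE = re.compile(r"^IE - .*Start Page = (?P<url>\S+)$")
HIJACK_RE = re.compile(r"^(?P<section>O[23]) - .*?\((?P<name>[^)]*)\) - "
                       r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
LOOPBACK_RE = re.compile(r"^(127(?:\.\d{1,3}){3}|localhost)(?::\d{1,5})?$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str   # category assigned by the triage (names are this example's own)
    line: str   # the OTL line that triggered it


def _has_marker(text: str) -> bool:
    low = text.lower()
    return any(marker in low for marker in UNWANTED_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per OTL line that matches a triage rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy value on a loopback port routes browser traffic through a
            # local listener; in the thread both ProxyOverride entries were cleared.
            if LOOPBACK_RE.match(m.group("value").strip()):
                findings.append(Finding("ie-proxy-loopback", line))
            continue
        m = START_RE.match(line)
        if m:
            if _has_marker(m.group("url")):
                findings.append(Finding("unwanted-start-page", line))
            continue
        m = HIJACK_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("No CLSID value found."):
                # Toolbar registration left behind with no COM class behind it.
                findings.append(Finding("orphaned-toolbar", line))
            elif _has_marker(rest) or _has_marker(m.group("name")):
                findings.append(Finding("unwanted-vendor", line))
            continue
        if line.endswith("File not found"):
            # Plugin still registered in the registry but its DLL is gone.
            findings.append(Finding("missing-plugin-file", line))
            continue
        if ADS_RE.match(line):
            findings.append(Finding("alternate-data-stream", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```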
15.02.2012, 13:24 | #7 |
| Facebook account locked - Unknown access from Japan Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
C:\Program Files\SFT_de3\prxtbSFT0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5\ deleted successfully.
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
File c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1290218 bytes
->Temporary Internet Files folder emptied: 743195 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Its Me

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 109352 bytes
->Opera cache emptied: 374670 bytes

User: NetworkService
->Temp folder emptied: 221642 bytes
->Temporary Internet Files folder emptied: 3335980 bytes

User: Und so halt
->Temp folder emptied: 19745575 bytes
->Temporary Internet Files folder emptied: 3155843 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 242174204 bytes
->Flash cache emptied: 3066 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36695 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188220072 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 443,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_132013

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!

Registry entries deleted on Reboot... |
15.02.2012, 13:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - Unknown access from Japan Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it is finished, on the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide: Download unhide.exe and save this file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
15.02.2012, 14:01 | #9 |
| Facebook account locked - Unknown access from Japan Code:
ATTFilter
13:59:05.0187 3516 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
13:59:05.0328 3516 ============================================================
13:59:05.0328 3516 Current date / time: 2012/02/15 13:59:05.0328
13:59:05.0328 3516 SystemInfo:
13:59:05.0328 3516
13:59:05.0328 3516 OS Version: 5.1.2600 ServicePack: 3.0
13:59:05.0328 3516 Product type: Workstation
13:59:05.0328 3516 ComputerName: CYBERTRON
13:59:05.0328 3516 UserName: Und so halt
13:59:05.0328 3516 Windows directory: C:\WINDOWS
13:59:05.0328 3516 System windows directory: C:\WINDOWS
13:59:05.0328 3516 Processor architecture: Intel x86
13:59:05.0328 3516 Number of processors: 1
13:59:05.0328 3516 Page size: 0x1000
13:59:05.0328 3516 Boot type: Normal boot
13:59:05.0328 3516 ============================================================
13:59:06.0921 3516 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:59:06.0921 3516 \Device\Harddisk0\DR0:
13:59:06.0921 3516 MBR used
13:59:06.0921 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
13:59:07.0015 3516 Initialize success
13:59:07.0015 3516 ============================================================
13:59:25.0718 3628 ============================================================
13:59:25.0718 3628 Scan started
13:59:25.0718 3628 Mode: Manual; SigCheck; TDLFS;
13:59:25.0718 3628 ============================================================
13:59:26.0062 3628 Abiosdsk - ok
13:59:26.0125 3628 abp480n5 - ok
13:59:26.0234 3628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:59:27.0718 3628 ACPI - ok
13:59:27.0843 3628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:59:28.0250 3628 ACPIEC - ok
13:59:28.0312 3628 adpu160m - ok
13:59:28.0453 3628 aeaudio (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\aeaudio.sys
13:59:28.0484 3628 aeaudio ( UnsignedFile.Multi.Generic ) - warning
13:59:28.0484 3628 aeaudio - detected UnsignedFile.Multi.Generic (1)
13:59:28.0625 3628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:59:28.0984 3628 aec - ok
13:59:29.0109 3628 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
13:59:29.0203 3628 AFD - ok
13:59:29.0312 3628 Aha154x - ok
13:59:29.0406 3628 aic78u2 - ok
13:59:29.0484 3628 aic78xx - ok
13:59:29.0625 3628 AliIde - ok
13:59:29.0796 3628 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:59:30.0296 3628 AmdK7 - ok
13:59:30.0390 3628 amsint - ok
13:59:30.0546 3628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:59:30.0875 3628 Arp1394 - ok
13:59:30.0953 3628 asc - ok
13:59:31.0031 3628 asc3350p - ok
13:59:31.0078 3628 asc3550 - ok
13:59:31.0281 3628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:59:31.0593 3628 AsyncMac - ok
13:59:31.0765 3628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:59:32.0109 3628 atapi - ok
13:59:32.0203 3628 Atdisk - ok
13:59:32.0343 3628 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
13:59:32.0406 3628 atksgt ( UnsignedFile.Multi.Generic ) - warning
13:59:32.0406 3628 atksgt - detected UnsignedFile.Multi.Generic (1)
13:59:32.0562 3628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:59:32.0875 3628 Atmarpc - ok
13:59:33.0031 3628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:59:33.0421 3628 audstub - ok
13:59:33.0578 3628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:59:34.0078 3628 Beep - ok
13:59:34.0250 3628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:59:34.0718 3628 cbidf2k - ok
13:59:34.0859 3628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:59:35.0171 3628 CCDECODE - ok
13:59:35.0281 3628 cd20xrnt - ok
13:59:35.0406 3628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:59:35.0843 3628 Cdaudio - ok
13:59:35.0984 3628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:59:36.0312 3628 Cdfs - ok
13:59:36.0453 3628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:59:36.0781 3628 Cdrom - ok
13:59:36.0875 3628 Changer - ok
13:59:37.0046 3628 CmdIde - ok
13:59:37.0187 3628 Cpqarray - ok
13:59:37.0296 3628 dac2w2k - ok
13:59:37.0390 3628 dac960nt - ok
13:59:37.0546 3628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:59:37.0890 3628 Disk - ok
13:59:38.0046 3628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:59:38.0484 3628 dmboot - ok
13:59:38.0609 3628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:59:38.0984 3628 dmio - ok
13:59:39.0093 3628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:59:39.0546 3628 dmload - ok
13:59:39.0687 3628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:59:39.0984 3628 DMusic - ok
13:59:40.0125 3628 dpti2o - ok
13:59:40.0218 3628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:59:40.0593 3628 drmkaud - ok
13:59:40.0687 3628 EagleNT - ok
13:59:40.0828 3628 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\WINDOWS\system32\drivers\dddsk.sys
13:59:40.0937 3628 ElRawDisk - ok
13:59:41.0109 3628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:59:41.0468 3628 Fastfat - ok
13:59:41.0640 3628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:59:41.0968 3628 Fdc - ok
13:59:42.0093 3628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:59:42.0406 3628 Fips - ok
13:59:42.0515 3628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:59:42.0859 3628 Flpydisk - ok
13:59:43.0015 3628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:59:43.0343 3628 FltMgr - ok
13:59:43.0468 3628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:59:43.0843 3628 Fs_Rec - ok
13:59:43.0968 3628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:59:44.0437 3628 Ftdisk - ok
13:59:44.0562 3628 GarenaPEngine - ok
13:59:44.0640 3628 GGSAFERDriver - ok
13:59:44.0781 3628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:59:45.0062 3628 Gpc - ok
13:59:45.0171 3628 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
13:59:45.0203 3628 hamachi - ok
13:59:45.0343 3628 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:59:45.0687 3628 hidusb - ok
13:59:45.0765 3628 hpn - ok
13:59:45.0890 3628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:59:45.0984 3628 HTTP - ok
13:59:46.0093 3628 i2omgmt - ok
13:59:46.0171 3628 i2omp - ok
13:59:46.0281 3628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
13:59:46.0625 3628 i8042prt - ok
13:59:46.0796 3628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:59:47.0093 3628 Imapi - ok
13:59:47.0234 3628 ini910u - ok
13:59:47.0375 3628 IntelIde - ok
13:59:47.0500 3628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:59:47.0796 3628 Ip6Fw - ok
13:59:47.0906 3628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:59:48.0328 3628 IpFilterDriver - ok
13:59:48.0468 3628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:59:48.0765 3628 IpInIp - ok
13:59:48.0890 3628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:59:49.0171 3628 IpNat - ok
13:59:49.0359 3628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:59:49.0671 3628 IPSec - ok
13:59:49.0781 3628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:59:50.0109 3628 IRENUM - ok
13:59:50.0234 3628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:59:50.0531 3628 isapnp - ok
13:59:50.0687 3628 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
13:59:50.0718 3628 ISODrive - ok
13:59:50.0906 3628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:59:51.0203 3628 Kbdclass - ok
13:59:51.0328 3628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:59:51.0625 3628 kbdhid - ok
13:59:51.0750 3628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:59:52.0062 3628 kmixer - ok
13:59:52.0156 3628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:59:52.0281 3628 KSecDD - ok
13:59:52.0421 3628 lbrtfdc - ok
13:59:52.0562 3628 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
13:59:52.0593 3628 libusb0 ( UnsignedFile.Multi.Generic ) - warning
13:59:52.0593 3628 libusb0 - detected UnsignedFile.Multi.Generic (1)
13:59:52.0750 3628 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
13:59:52.0765 3628 lirsgt ( UnsignedFile.Multi.Generic ) - warning
13:59:52.0765 3628 lirsgt - detected UnsignedFile.Multi.Generic (1)
13:59:52.0906 3628 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\drivers\LVUSBSta.sys
13:59:52.0921 3628 LVUSBSta - ok
13:59:53.0093 3628 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
13:59:53.0156 3628 MidiSyn - ok
13:59:53.0265 3628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:59:53.0687 3628 mnmdd - ok
13:59:53.0781 3628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:59:54.0078 3628 Modem - ok
13:59:54.0218 3628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:59:54.0546 3628 Mouclass - ok
13:59:54.0656 3628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:59:55.0078 3628 mouhid - ok
13:59:55.0187 3628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:59:55.0484 3628 MountMgr - ok
13:59:55.0593 3628 mraid35x - ok
13:59:55.0703 3628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:59:56.0031 3628 MRxDAV - ok
13:59:56.0171 3628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:59:56.0296 3628 MRxSmb - ok
13:59:56.0468 3628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:59:56.0781 3628 Msfs - ok
13:59:56.0890 3628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:59:57.0187 3628 MSKSSRV - ok
13:59:57.0281 3628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:59:57.0578 3628 MSPCLOCK - ok
13:59:57.0703 3628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:59:58.0000 3628 MSPQM - ok
13:59:58.0140 3628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:59:58.0421 3628 mssmbios - ok
13:59:58.0531 3628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:59:58.0828 3628 MSTEE - ok
13:59:58.0937 3628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:59:59.0031 3628 Mup - ok
13:59:59.0171 3628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:59:59.0468 3628 NABTSFEC - ok
13:59:59.0625 3628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:59:59.0953 3628 NDIS - ok
14:00:00.0093 3628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:00:00.0406 3628 NdisIP - ok
14:00:00.0562 3628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:00:00.0609 3628 NdisTapi - ok
14:00:00.0765 3628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:00:01.0046 3628 Ndisuio - ok
14:00:01.0171 3628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:00:01.0453 3628 NdisWan - ok
14:00:01.0609 3628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:00:01.0656 3628 NDProxy - ok
14:00:01.0781 3628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:00:02.0125 3628 NetBIOS - ok
14:00:02.0265 3628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:00:02.0562 3628 NetBT - ok
14:00:02.0765 3628 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:00:03.0062 3628 NIC1394 - ok
14:00:03.0218 3628 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
14:00:03.0531 3628 nm - ok
14:00:03.0640 3628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:00:03.0937 3628 Npfs - ok
14:00:04.0109 3628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:00:04.0468 3628 Ntfs - ok
14:00:04.0640 3628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:00:05.0078 3628 Null - ok
14:00:05.0687 3628 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:00:06.0625 3628 nv - ok
14:00:06.0796 3628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:00:07.0234 3628 NwlnkFlt - ok
14:00:07.0390 3628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:00:07.0859 3628 NwlnkFwd - ok
14:00:07.0968 3628 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:00:08.0250 3628 ohci1394 - ok
14:00:08.0359 3628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:00:08.0656 3628 Parport - ok
14:00:08.0765 3628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:00:09.0046 3628 PartMgr - ok
14:00:09.0187 3628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:00:09.0640 3628 ParVdm - ok
14:00:09.0781 3628 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
14:00:09.0890 3628 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:00:09.0890 3628 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
14:00:09.0984 3628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:00:10.0265 3628 PCI - ok
14:00:10.0390 3628 PCIDump - ok
14:00:10.0484 3628 PCIIde - ok
14:00:10.0609 3628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:00:10.0890 3628 Pcmcia - ok
14:00:10.0984 3628 PDCOMP - ok
14:00:11.0062 3628 PDFRAME - ok
14:00:11.0156 3628 PDRELI - ok
14:00:11.0250 3628 PDRFRAME - ok
14:00:11.0328 3628 perc2 - ok
14:00:11.0421 3628 perc2hib - ok
14:00:11.0671 3628 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
14:00:11.0843 3628 PID_PEPI - ok
14:00:12.0000 3628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:00:12.0296 3628 PptpMiniport - ok
14:00:12.0406 3628 PRISM_A02 - ok
14:00:12.0593 3628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:00:12.0875 3628 PSched - ok
14:00:12.0984 3628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:00:13.0421 3628 Ptilink - ok
14:00:13.0515 3628 ql1080 - ok
14:00:13.0578 3628 Ql10wnt - ok
14:00:13.0687 3628 ql12160 - ok
14:00:13.0765 3628 ql1240 - ok
14:00:13.0843 3628 ql1280 - ok
14:00:13.0968 3628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:00:14.0406 3628 RasAcd - ok
14:00:14.0531 3628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:00:14.0828 3628 Rasl2tp - ok
14:00:14.0953 3628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:00:15.0234 3628 RasPppoe - ok
14:00:15.0390 3628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:00:15.0859 3628 Raspti - ok
14:00:15.0953 3628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:00:16.0234 3628 Rdbss - ok
14:00:16.0343 3628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:00:16.0812 3628 RDPCDD - ok
14:00:16.0953 3628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:00:17.0234 3628 rdpdr - ok
14:00:17.0390 3628 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:00:17.0468 3628 RDPWD - ok
14:00:17.0625 3628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:00:17.0921 3628 redbook - ok
14:00:18.0140 3628 RT2400 (cea718c12a5e2ff91eaf8e07977c2634) C:\WINDOWS\system32\DRIVERS\RT2400.sys
14:00:18.0203 3628 RT2400 - ok
14:00:18.0484 3628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:00:18.0781 3628 Secdrv - ok
14:00:18.0953 3628 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
14:00:19.0031 3628 senfilt ( UnsignedFile.Multi.Generic ) - warning
14:00:19.0031 3628 senfilt - detected UnsignedFile.Multi.Generic (1)
14:00:19.0187 3628 serenum (0f29512ccd6bead730039fb4bd2c85ce)
C:\WINDOWS\system32\DRIVERS\serenum.sys 14:00:19.0468 3628 serenum - ok 14:00:19.0593 3628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 14:00:19.0875 3628 Serial - ok 14:00:20.0046 3628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:00:20.0328 3628 Sfloppy - ok 14:00:20.0453 3628 Simbad - ok 14:00:20.0546 3628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 14:00:20.0828 3628 SLIP - ok 14:00:21.0000 3628 smwdm (33147559d1e3c25f545a5a4fa372d005) C:\WINDOWS\system32\drivers\smwdm.sys 14:00:21.0046 3628 smwdm ( UnsignedFile.Multi.Generic ) - warning 14:00:21.0046 3628 smwdm - detected UnsignedFile.Multi.Generic (1) 14:00:21.0125 3628 Sparrow - ok 14:00:21.0234 3628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:00:21.0515 3628 splitter - ok 14:00:21.0671 3628 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys 14:00:21.0671 3628 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: a199171385be17973fd800fa91f8f78a 14:00:21.0687 3628 sptd ( LockedFile.Multi.Generic ) - warning 14:00:21.0687 3628 sptd - detected LockedFile.Multi.Generic (1) 14:00:21.0828 3628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 14:00:22.0109 3628 sr - ok 14:00:22.0265 3628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 14:00:22.0375 3628 Srv - ok 14:00:22.0562 3628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:00:22.0843 3628 streamip - ok 14:00:22.0968 3628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:00:23.0250 3628 swenum - ok 14:00:23.0390 3628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:00:23.0671 3628 swmidi - ok 14:00:23.0843 3628 symc810 - ok 14:00:23.0921 3628 symc8xx - ok 14:00:24.0015 3628 sym_hi - ok 14:00:24.0109 3628 sym_u3 - ok 14:00:24.0234 3628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:00:24.0531 3628 sysaudio - ok 14:00:24.0687 3628 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys 14:00:24.0718 3628 tap0901 ( UnsignedFile.Multi.Generic ) - warning 14:00:24.0718 3628 tap0901 - detected UnsignedFile.Multi.Generic (1) 14:00:24.0875 3628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:00:25.0062 3628 Tcpip - ok 14:00:25.0187 3628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:00:25.0468 3628 TDPIPE - ok 14:00:25.0625 3628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:00:25.0921 3628 TDTCP - ok 14:00:26.0062 3628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:00:26.0328 3628 TermDD - ok 14:00:26.0468 3628 TosIde - ok 14:00:26.0640 3628 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 14:00:26.0953 3628 uagp35 - ok 
14:00:27.0093 3628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:00:27.0359 3628 Udfs - ok 14:00:27.0484 3628 ultra - ok 14:00:27.0625 3628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:00:27.0937 3628 Update - ok 14:00:28.0093 3628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 14:00:28.0375 3628 usbaudio - ok 14:00:28.0484 3628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:00:28.0750 3628 usbccgp - ok 14:00:28.0890 3628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:00:29.0187 3628 usbehci - ok 14:00:29.0343 3628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:00:29.0656 3628 usbhub - ok 14:00:29.0765 3628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:00:30.0046 3628 usbprint - ok 14:00:30.0156 3628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:00:30.0437 3628 USBSTOR - ok 14:00:30.0546 3628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:00:30.0812 3628 usbuhci - ok 14:00:30.0968 3628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:00:31.0234 3628 VgaSave - ok 14:00:31.0343 3628 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 14:00:31.0625 3628 ViaIde - ok 14:00:31.0765 3628 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys 14:00:31.0812 3628 viasraid - ok 14:00:31.0968 3628 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys 14:00:32.0015 3628 vmm - ok 14:00:32.0140 3628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 14:00:32.0437 3628 VolSnap - ok 14:00:32.0562 3628 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys 14:00:32.0578 
3628 VPCNetS2 - ok 14:00:32.0781 3628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:00:33.0078 3628 Wanarp - ok 14:00:33.0171 3628 WDICA - ok 14:00:33.0312 3628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:00:33.0625 3628 wdmaud - ok 14:00:34.0031 3628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:00:34.0296 3628 WSTCODEC - ok 14:00:34.0437 3628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:00:34.0500 3628 WudfPf - ok 14:00:34.0671 3628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:00:34.0718 3628 WudfRd - ok 14:00:34.0843 3628 XDva359 - ok 14:00:34.0937 3628 XDva362 - ok 14:00:35.0078 3628 yukonwxp (dee4899b4ac10a673b2df0cdd135167e) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys 14:00:35.0140 3628 yukonwxp - ok 14:00:35.0296 3628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 14:00:35.0546 3628 \Device\Harddisk0\DR0 - ok 14:00:35.0593 3628 Boot (0x1200) (38766ba3e7156fa2da96a98438edf300) \Device\Harddisk0\DR0\Partition0 14:00:35.0593 3628 \Device\Harddisk0\DR0\Partition0 - ok 14:00:35.0593 3628 ============================================================ 14:00:35.0593 3628 Scan finished 14:00:35.0593 3628 ============================================================ 14:00:35.0828 3608 Detected object count: 9 14:00:35.0828 3608 Actual detected object count: 9 14:00:54.0656 3608 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 lirsgt ( 
UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:00:54.0656 3608 sptd ( LockedFile.Multi.Generic ) - skipped by user 14:00:54.0656 3608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 14:00:54.0687 3608 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user 14:00:54.0687 3608 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
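A small triage script for the TDSSKiller output above, added here as an example; it is not part of the original post and not Kaspersky's code. TDSSKiller writes one "file" line per driver (service name, MD5, path), then a verdict line, and at the end one line per detection with the action the user chose. The script pairs those up so each of the nine detections is listed with its hash, verdict and outcome, and additionally notes drivers the tool passed as "ok" but which load from outside the usual driver directories (that check, the `_EXPECTED_DIRS` list and the hint texts are my own assumptions, not something TDSSKiller does). The sample lines embedded in the script are copied from the log above.

```python
"""Triage helper for TDSSKiller text logs.

Added example for this thread, not a script from the original post or from
Kaspersky. TDSSKiller writes one "file" line per driver (name, MD5, path),
then a verdict line, and at the end one line per detection with the action
the user chose. This pairs those up so every flagged driver is listed with
its hash, verdict and what actually happened to it.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Payload after "<time> <thread-id> ", in the three shapes seen in the log above.
_FILE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
_VERDICT = re.compile(r"^\S+ \d+ (\S+) - (ok|detected (\S+) \(\d+\))$")
_ACTION = re.compile(r"^\S+ \d+ (\S+) \( (\S+) \) - User select action: (\S+)$")

# Where kernel drivers normally live on Windows XP (assumption used for the
# "unusual location" check; TDSSKiller itself does not make this distinction).
_EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # None for service entries that have no file on disk
    path: Optional[str] = None
    verdict: str = "unknown"       # "ok" or the TDSSKiller detection name
    action: Optional[str] = None   # user's choice for a detection, e.g. "Skip"


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """One DriverEntry per service name, merged from file, verdict and action lines."""
    entries: Dict[str, DriverEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _FILE.match(line)
        if m:
            name, md5, path = m.groups()
            entry = entries.setdefault(name, DriverEntry(name))
            entry.md5, entry.path = md5, path
            continue
        m = _VERDICT.match(line)
        if m:
            entry = entries.setdefault(m.group(1), DriverEntry(m.group(1)))
            entry.verdict = m.group(3) or "ok"
            continue
        m = _ACTION.match(line)
        if m:
            name, detection, action = m.groups()
            entry = entries.setdefault(name, DriverEntry(name, verdict=detection))
            entry.action = action
    return entries


def count_by_verdict(entries: Dict[str, DriverEntry]) -> Counter:
    """How many drivers got each verdict (the "Detected object count" in one view)."""
    return Counter(e.verdict for e in entries.values())


def triage(entries: Dict[str, DriverEntry]) -> List[str]:
    """Findings worth a second look, one line each, sorted by driver name."""
    findings: List[str] = []
    for e in sorted(entries.values(), key=lambda x: x.name.lower()):
        if e.verdict == "ok":
            if e.path and not e.path.lower().startswith(_EXPECTED_DIRS):
                findings.append(f"{e.name}: ok, but loaded from an unusual location {e.path}")
        elif e.verdict == "unknown":
            findings.append(f"{e.name}: no verdict line found ({e.path})")
        else:
            if e.verdict.startswith("UnsignedFile"):
                hint = "no digital signature; common for third-party XP drivers, look the MD5 up"
            elif e.verdict.startswith("LockedFile"):
                hint = "file could not be opened; either a rootkit or a self-protecting driver"
            else:
                hint = "named detection, review before anything else"
            outcome = f"user chose {e.action}" if e.action else "no action recorded"
            findings.append(f"{e.name}: {e.verdict} md5={e.md5} {e.path} ({outcome}; {hint})")
    return findings


# Constructed sample: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
14:00:09.0781 3628 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
14:00:09.0890 3628 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:00:09.0890 3628 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
14:00:09.0984 3628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:00:10.0265 3628 PCI - ok
14:00:10.0390 3628 PCIDump - ok
14:00:21.0671 3628 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
14:00:21.0671 3628 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
14:00:21.0687 3628 sptd ( LockedFile.Multi.Generic ) - warning
14:00:21.0687 3628 sptd - detected LockedFile.Multi.Generic (1)
14:00:24.0875 3628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:00:25.0062 3628 Tcpip - ok
14:00:35.0593 3628 Scan finished
14:00:54.0656 3608 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:00:54.0656 3608 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:00:54.0656 3608 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:00:54.0656 3608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for finding in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(finding)
```

Both detection classes in this log are heuristics, not malware verdicts: UnsignedFile.Multi.Generic only says the driver carries no digital signature, which is normal for third-party drivers of that era (the SoundMAX audio and LibUsb-Win32 drivers flagged here are also visible as installed software in the later ComboFix log), and LockedFile.Multi.Generic on sptd.sys says the file could not be opened, which the DAEMON Tools SCSI pass-through driver does by design (the GMER log later ties sptd's configuration key to C:\Program Files\DAEMON Tools Lite\). The MD5s the script lists are what you look up before deciding either way, and "user chose Skip" records that all nine were left in place.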
15.02.2012, 15:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - unknown access from Japan
Now please run CF: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
15.02.2012, 18:10 | #11 |
| Facebook account locked - unknown access from Japan
Code:
ComboFix 12-02-15.01 - Und so halt 15.02.2012 17:55:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1033.18.1023.533 [GMT 1:00]
Running from: c:\documents and settings\Und so halt\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Und so halt\WINDOWS
c:\windows\desktop
c:\windows\desktop\TS GDI Theme Pack Readme.txt
c:\windows\IsUn0407.exe
c:\windows\system32\_000125_.tmp.dll
.
.
((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 ))))))))))))))))))))))))))))))
.
.
2012-02-15 12:20 . 2012-02-15 12:20 -------- d-----w- C:\_OTL
2012-02-14 20:06 . 2012-02-14 20:06 -------- d-----w- c:\program files\ESET
2012-02-12 17:27 . 2012-02-12 17:27 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\DOSBox
2012-02-11 17:41 . 2012-02-11 17:41 -------- d-----w- c:\documents and settings\Guest
2012-02-02 15:39 . 2012-02-02 15:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SFT_de3
2012-01-28 16:56 . 2012-01-28 16:56 -------- d-----w- C:\Westwood
2012-01-25 21:10 . 2012-01-25 21:10 -------- d-----w- c:\program files\Conduit
2012-01-25 21:10 . 2012-01-25 21:10 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\SFT_de3
2012-01-25 21:09 . 2012-01-25 21:09 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\Conduit
2012-01-25 21:09 . 2012-01-25 21:09 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\Temp
2012-01-25 21:09 . 2012-02-15 12:20 -------- d-----w- c:\program files\SFT_de3
2012-01-25 21:09 . 2012-01-25 21:09 -------- d-----w- c:\program files\Simple Webcam Capture
2012-01-22 08:15 . 2012-02-10 13:07 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\LogMeIn Hamachi
2012-01-21 21:43 . 2012-02-15 16:43 -------- d-----w- c:\program files\Clonk Rage
2012-01-21 20:44 . 2012-02-15 16:17 -------- d-----w- c:\documents and settings\Und so halt\Application Data\ICQ
2012-01-21 20:43 . 2012-01-21 20:53 -------- d-----w- c:\program files\ICQ7.7
2012-01-21 19:21 . 2012-01-21 19:23 -------- d-----w- c:\documents and settings\Und so halt\Local Settings\Application Data\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-03 22:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-03 21:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-03 22:56 60416 ----a-w- c:\windows\system32\packager.exe
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-21 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-12 22:20 3305760 ----a-w- c:\documents and settings\Und so halt\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-08-25 10:17 860160 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 07:11 1388544 ------w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Clonk Rage\\Clonk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Und so halt\\Desktop\\Sirius MT2\\metin2client_Sirius_MT2.bin"=
"c:\\Documents and Settings\\Und so halt\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"1544:TCP"= 1544:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.07.2010 15:11 436792]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11.04.2010 15:34 77312]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [27.05.2010 09:07 22312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03.08.2004 23:56 14336]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [31.05.2010 17:01 33792]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp --> c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [12.10.2010 13:57 51584]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
.
--- Other Running Services/Drivers ---
.
*NewlyCreated* - 26634053
*Deregistered* - 26634053
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.1.2 10.0.1.2
.
- - - - Removed Orphaned Registry Entries - - - -
.
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
AddRemove-LEGO LOCO - c:\windows\IsUn0407.exe
AddRemove-Tomb Raider Level Editor - c:\windows\IsUn0407.exe
AddRemove-{831D4B74-7A92-4363-869D-524876C480B1}_is1 - g:\huan folder\Sirius MT2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-15 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2012-02-15 18:04:48
ComboFix-quarantined-files.txt 2012-02-15 17:04
.
Pre-Run: 10.777.485.312 bytes free
Post-Run: 10.715.766.784 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7088141D71825C0270481B9F375C35BD |
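A companion triage script for the ComboFix log above, again an added example and not code from the thread or from ComboFix. It extracts three things a helper reads first in such a log: the service and driver lines (the R*/S* entries, including those ComboFix prints with `-->` and `[?]`), the Security Center override values, and the Windows Firewall allow-list. It flags services whose binary is missing or is registered under a Temp directory, and allowed programs that sit in user-writable folders. The sample lines are copied from the log; reading `[?]` as "image file not found" and the `_USER_DIRS` list are my assumptions.

```python
"""Triage helper for ComboFix logs.

Added example for this thread, not code from the original post or from
ComboFix. It reads the sections a helper looks at first, the service and
driver list, the Security Center override values and the Windows Firewall
allow-list, and returns the entries that deserve a second look.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service/driver line, e.g.
#   R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.07.2010 15:11 436792]
#   S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
_SERVICE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?)(?: --> (.+?))? \[([^\]]*)\]$")
# "AntiVirusOverride"=dword:00000001 under the Security Center key
_OVERRIDE = re.compile(r'^"(\w+Override)"=dword:([0-9a-fA-F]{8})$')
# Entries of the firewall AuthorizedApplications list look like "path"=
_FW_APP = re.compile(r'^"(.+)"=$')
# Directories a normal user can write to (assumption, tuned for Windows XP profiles).
_USER_DIRS = ("\\desktop\\", "\\local settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Service:
    start: str               # R0..R3 running (R0 = boot driver), S0..S4 not running
    name: str
    display: str
    image: str               # path as registered in the service key
    resolved: Optional[str]  # path after ComboFix's "-->" expansion, when shown
    info: str                # "dd.mm.yyyy hh:mm size", or "?" (assumed: ComboFix found no file)


def parse_services(text: str) -> List[Service]:
    """Collect every R*/S* service line in the log, in log order."""
    services: List[Service] = []
    for raw in text.splitlines():
        m = _SERVICE.match(raw.strip())
        if m:
            services.append(Service(*m.groups()))
    return services


def service_findings(services: List[Service]) -> List[str]:
    """Services whose binary is missing or is registered under a temp directory."""
    findings: List[str] = []
    for s in services:
        reasons = []
        if s.info == "?":
            reasons.append("image file not found by ComboFix")
        if "\\temp\\" in s.image.lower():
            reasons.append("image registered under a temp directory")
        if reasons:
            state = "running" if s.start.startswith("R") else "not running"
            findings.append(f"{s.name} ({s.start}, {state}): {s.image}; " + "; ".join(reasons))
    return findings


def security_center_overrides(text: str) -> Dict[str, int]:
    """*Override values; a non-zero value silences Security Center for that component."""
    overrides: Dict[str, int] = {}
    for raw in text.splitlines():
        m = _OVERRIDE.match(raw.strip())
        if m:
            overrides[m.group(1)] = int(m.group(2), 16)
    return overrides


def firewall_user_writable(text: str) -> List[str]:
    """Firewall-allowed programs that live in directories the user can write to."""
    flagged: List[str] = []
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                        # a new registry key starts
            in_list = line.endswith("AuthorizedApplications\\List]")
            continue
        m = _FW_APP.match(line) if in_list else None
        if m:
            path = m.group(1).replace("\\\\", "\\")     # ComboFix prints the value with escaped backslashes
            if any(d in path.lower() for d in _USER_DIRS):
                flagged.append(path)
    return flagged


def triage_combofix(text: str) -> Dict[str, object]:
    """All three checks in one dictionary, keyed by log section."""
    return {
        "security_center": security_center_overrides(text),
        "firewall": firewall_user_writable(text),
        "services": service_findings(parse_services(text)),
    }


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Und so halt\\Desktop\\Sirius MT2\\metin2client_Sirius_MT2.bin"=
"c:\\Documents and Settings\\Und so halt\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1544:TCP"= 1544:TCP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.07.2010 15:11 436792]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp --> c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp [?]
S3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [12.10.2010 13:57 51584]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
"""

if __name__ == "__main__":
    for section, items in triage_combofix(SAMPLE_LOG).items():
        print(section, items)
```

On this log the script flags AntiVirusOverride=1 (Security Center no longer reports on the antivirus state), the GarenaPEngine driver registered from the user's Temp folder as YEXCA.tmp, the libusbd and XDva* services whose files are gone, and the firewall exceptions under the user's Desktop and Local Settings. None of these is proof of compromise on its own: a missing service binary is usually an uninstall leftover, and game anti-cheat engines do load from Temp, but each is something to explain before calling the machine clean, which is why the GMER and aswMBR passes follow.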
15.02.2012, 19:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account locked - unknown access from Japan
OK. Now please create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool still refuses on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often raises a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: do not press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and choose the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
15.02.2012, 22:28 | #13 |
| Facebook account locked - unknown access from Japan
GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-15 21:52:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target2Lun0 ST340014 rev.8.05
Running: nhmqhnic.exe; Driver: C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\kgryipow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF742AA50]
SSDT sptd.sys ZwEnumerateKey [0xF745EFFE]
SSDT sptd.sys ZwEnumerateValueKey [0xF745F38C]
SSDT sptd.sys ZwOpenKey [0xF742AA30]
SSDT sptd.sys ZwQueryKey [0xF745F464]
SSDT sptd.sys ZwQueryValueKey [0xF745F2E4]
SSDT sptd.sys ZwSetValueKey [0xF745F4F6]

INT 0x62 ? 873D9CC8
INT 0x73 ? 873DDCC8
INT 0x82 ? 873D9CC8
INT 0xB4 ? 86F9FCC8
INT 0xB4 ? 86F9FCC8
INT 0xB4 ? 86F9FCC8
INT 0xB4 ? 86F9FCC8
INT 0xB4 ? 86F9FCC8
INT 0xB4 ? 86F9FCC8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys F73F0000 32 Bytes [5E, 67, 6F, 80, 20, 17, 6F, ...]
.text sptd.sys F73F0024 4 Bytes [74, 2F, 3E, F7]
.text sptd.sys F73F002C 424 Bytes [F2, BF, 57, 80, 66, E1, 59, ...]
.text sptd.sys F73F01E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}
.text sptd.sys F73F01EC 1 Byte [02]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF74E7D38]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF64143A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload F63AD8AC 5 Bytes JMP 86F9F1D8
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF629BF80]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB8387300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7883300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873DD308
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F73F1574] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F73F10C0] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F73F1FE0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F10C0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73F1362] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73F12A4] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73F21BC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73F1FE0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F9F308

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0xC8 0x85 0xCA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0xE6 0xC3 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2A 0xCF 0xCD 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x5E 0xC2 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x13 0xF3 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x95 0xEE 0xE1 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x41 0x88 0x25 0x14 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x3B 0xE8 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x57 0xF2 0x39 0x8B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xE1 0x8D 0xD1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x13 0xF3 0x3A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x95 0xEE 0xE1 0xB0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\Update@ImagePath system32\DRIVERS\update.sys?????hid_device_system_game?%\s??? <??_???s?????xe:??HID-compliant game controller?????.??_?????????n?????????????? ??_????1??????_?_??????8??_???D?????E?E??? ??????????????p????????_?????????n????wave????????????????USB Human Interface Device??????? ???????)???????????_???????? ?<?&?????:E??? ???^??????????????? ???????g??????te???????-???f??????? ???????????m???????A??? ???-???e?????ndM??? ???^???e??????ni????.??_???e??????????hid_device_system_game?%\s???]?_?_?_?_?_?_?_?_??to start.????????????0??1????????f?????????n?????????????1???????0????X??_????????h?????? ???????????????????????????????????????f??%SystemRoot%\system32\svchost.exe -k netsvcs?n??system32\DRIVERS\usbuhci.sys????\??\C:\WINDOWS\system32\Drivers\vmm.sys??k??? 6??_???f???????????????????????????.??TCP/IP Protocol Driver??????i8042prt?????_??????????????Provides image acquisition services for scanners and cameras.???system32\DRIVERS\termdd.sys?\termdd.sys???????p??_?????????e????Video Save??????? ???_?????????????
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0x29 0xD4 0xFB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0xED 0x09 0x2D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x95 0xEE 0xE1 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x55 0xDB 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBC 0xB8 0x4C 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xFF 0xB8 0x58 0x73 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x55 0xDB 0x7D ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xEA 0xCB 0x99 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBC 0xB8 0x4C 0xC6 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xFF 0xB8 0x58 0x73 ... Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\88\Shell@ScrollPos1152x864(1).y 0 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:59:03 on 15.02.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Google Inc. Google Chrome 14.0.835.163 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Pando" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.cpl (File not found) "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aeaudio" (aeaudio) - "Andrea Electronics Corporation" - C:\WINDOWS\System32\drivers\aeaudio.sys "aqfjnmth" (aqfjnmth) - "VIA Technologies inc,.ltd" - C:\WINDOWS\system32\drivers\aqfjnmth.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? 
- C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "ElRawDisk" (ElRawDisk) - "EldoS Corporation" - C:\WINDOWS\system32\drivers\dddsk.sys "GarenaPEngine" (GarenaPEngine) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp (File not found) "GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\safedrv.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys "kgryipow" (kgryipow) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\kgryipow.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "LibUsb-Win32 - Kernel Driver, Version 0.1.10.1" (libusb0) - ? - C:\WINDOWS\System32\drivers\libusb0.sys "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "senfilt" (senfilt) - "Creative Technology Ltd." - C:\WINDOWS\System32\drivers\senfilt.sys "Sinus 1054 data" (PRISM_A02) - ? - C:\WINDOWS\System32\DRIVERS\PRISMA02.sys (File not found) "smwdm" (smwdm) - "Analog Devices, Inc." - C:\WINDOWS\System32\drivers\smwdm.sys "sptd" (sptd) - "Duplex Secure Ltd." 
- C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys "Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\WINDOWS\system32\Drivers\vmm.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "XDva359" (XDva359) - ? - C:\WINDOWS\system32\XDva359.sys (File not found) "XDva362" (XDva362) - ? - C:\WINDOWS\system32\XDva362.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." 
- C:\Program Files\UltraISO\isoshell.dll {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} "{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}" - ? - (File not found | COM-object registry key not found) / hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.7" - "ICQ, LLC." - C:\Program Files\ICQ7.7\ICQ.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %AllUsersProfile%\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -----( %UserProfile%\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Documents and Settings\Und so halt\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "ICQ" - "ICQ, LLC." 
- "C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4 -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "nwiz" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_7de0ed9.dll (File found, but it contains no detailed information) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe "LibUsb-Win32 - Daemon, Version 0.1.10.1" (libusbd) - "hxxp://libusb-win32.sourceforge.net" - C:\WINDOWS\System32\libusbd-nt.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - ? - "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" (File not found) "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software Run date: 2012-02-15 22:01:02 ----------------------------- 22:01:02.328 OS Version: Windows 5.1.2600 Service Pack 3 22:01:02.328 Number of processors: 1 586 0xA00 22:01:02.328 ComputerName: CYBERTRON UserName: 22:01:03.062 Initialize success 22:02:31.265 AVAST engine defs: 12021501 22:02:37.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target2Lun0 22:02:37.875 Disk 0 Vendor: ST340014 8.05 Size: 38146MB BusType: 1 22:02:37.906 Device \Driver\viasraid -> DriverStartIo SCSIPORT.SYS f73da40e 22:02:37.906 Device \Driver\viasraid -> MajorFunction 873961f8 22:02:38.000 Disk 0 MBR read successfully 22:02:38.000 Disk 0 MBR scan 22:02:38.046 Disk 0 Windows XP default MBR code 22:02:38.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63 22:02:38.171 Disk 0 scanning sectors +78108030 22:02:38.421 Disk 0 scanning C:\WINDOWS\system32\drivers 22:03:09.078 Service scanning 22:03:09.750 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 22:03:10.343 Modules scanning 22:03:36.031 Disk 0 trace - called modules: 22:03:36.093 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873961f8]<< 22:03:36.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873479c0] 22:03:36.093 3 CLASSPNP.SYS[f7583fd7] -> nt!IofCallDriver -> \Device\Scsi\viasraid1Port2Path0Target2Lun0[0x87347030] 22:03:36.093 \Driver\viasraid[0x87356a60] -> IRP_MJ_CREATE -> 0x873961f8 22:03:36.484 AVAST engine scan C:\WINDOWS 22:03:53.718 AVAST engine scan C:\WINDOWS\system32 22:15:56.453 AVAST engine scan C:\WINDOWS\system32\drivers 22:18:02.406 AVAST engine scan C:\Documents and Settings\Und so halt 22:20:18.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Und so halt\Desktop\MBR.dat" 22:20:18.140 The log file has been saved successfully to "C:\Documents and Settings\Und so halt\Desktop\aswMBR.txt" |
15.02.2012, 22:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook account blocked - Unknown access from Japan Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
16.02.2012, 13:58 | #15 |
| Facebook account blocked - Unknown access from Japan Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 02/16/2012 at 09:21 AM Application Version : 5.0.1144 Core Rules Database Version : 8249 Trace Rules Database Version: 6061 Scan type : Complete Scan Total Scan Time : 01:11:19 Operating System Information Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 432 Memory threats detected : 0 Registry items scanned : 34159 Registry threats detected : 0 File items scanned : 69433 File threats detected : 133 PotentiallyUnwanted.Softonic C:\DOCUMENTS AND SETTINGS\UND SO HALT\MY DOCUMENTS\DOWNLOADS\SOFTONICDOWNLOADER_FUER_SIMPLE-WEBCAM-CAPTURE.EXE Adware.Tracking Cookie ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] 
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\DOCUMENTS AND 
SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxvalue.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .im.banner.t-online.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .freersaccounts.info [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] counters.gigya.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.freersaccounts.info [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .histats.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .histats.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL 
SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox-affiliate.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .a.revenuemax.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .fastclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lego.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.counter.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] count.primawebtools.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION 
DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads6.hermoment.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.soundmedia.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.aim4media.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
m1.webstats.motigo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad3.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.faktmedia.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Und so halt :: CYBERTRON [Administrator]

Schutz: Aktiviert

16.02.2012 12:13:00
mbam-log-2012-02-16 (12-13-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263644
Laufzeit: 1 Stunde(n), 35 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |