Log analysis and evaluation: TR/kazy.mekml.1
19.04.2011, 15:58 | #1 |
TR/kazy.mekml.1

Hello everyone,

I also caught the trojan TR/kazy.mekml.1 yesterday. On the advice of an acquaintance I then downloaded Malwarebytes' Anti-Malware and first ran a quick scan. At least I can open the Task Manager again now, and I have also managed to make my files visible again, although they are all half transparent... I have already looked at other threads about this trojan, downloaded OTL, and will post the logs shortly... along with the info from the quick scan. I'm not really a PC whiz, though, and I hope I'm not being too clumsy about this... I'm really grateful for any help!

Kind regards,
Nina

Malware info:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6392

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

19.04.2011 05:49:53
mbam-log-2011-04-19 (05-49-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167160
Laufzeit: 38 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\documents and settings\all users\datos de programa\hvmejswqptwc.exe (Trojan.Agent) -> 2504 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hvmeJSwqpTWC (Trojan.Agent) -> Value: hvmeJSwqpTWC -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\documents and settings\all users\datos de programa\hvmejswqptwc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\martina reich\configuración local\Temp\jar_cache5018406662731739562.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I also ran a full scan; here is the result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6392

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

19.04.2011 17:36:13
mbam-log-2011-04-19 (17-36-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 247669
Laufzeit: 2 Stunde(n), 47 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{38c6ce1c-529c-4421-972f-4f24481c2f53}\RP1891\A0284361.exe (Trojan.Agent) -> Quarantined and deleted successfully.

One more question: is it normal for OTL to take this long to create the log files? It has been running on my machine for over 40 minutes now...

Last edited by nina173 (19.04.2011 at 16:38)
19.04.2011, 16:46 | #2 |
TR/kazy.mekml.1

OTL Logfile:

Code:
OTL logfile created on: 19.04.2011 17:00:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Martina Reich\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 152,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 52,83 Gb Total Space | 4,05 Gb Free Space | 7,67% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: NINA | User Name: Martina Reich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Martina Reich\Mis documentos\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Archivos de programa\Archivos comunes\GtFlashSwitch\GtFlashSwitch.exe (OptionNV) PRC - C:\WINDOWS\vsnpstd3.exe () PRC - C:\WINDOWS\tsnpstd3.exe () PRC - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.) PRC - C:\Archivos de programa\VeriSign\NAVI\naviclient.exe (VeriSign, Inc.) PRC - C:\Archivos de programa\VeriSign\NAVI\naviagent.exe (VeriSign, Inc.) PRC - C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () PRC - C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\system32\TpKmpSvc.exe () PRC - C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe () PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation) PRC - C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE () PRC - C:\WINDOWS\system32\QCONSVC.EXE () PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation ) PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) PRC - C:\Archivos de programa\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.) PRC - C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation) PRC - C:\WINDOWS\system32\rmctrl.exe () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Martina Reich\Mis documentos\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) 
========== Win32 Services (SafeList) ========== SRV - (PLSRemoteSvc) -- File not found SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GtFlashSwitch) -- C:\Archivos de programa\Archivos comunes\GtFlashSwitch\GtFlashSwitch.exe (OptionNV) SRV - (LightScribeService) -- C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Adobe LM Service) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (navi) -- C:\Archivos de programa\VeriSign\NAVI\naviagent.exe (VeriSign, Inc.) SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe () SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE () SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation ) SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (FlashUSB) -- C:\WINDOWS\system32\drivers\FlashUsb.sys (Danish Wireless Design A/S) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.) 
DRV - (GTMNDISIRPXP) -- C:\WINDOWS\system32\drivers\Gtm51Irp.sys (Option NV) DRV - (GTUQBUS) -- C:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.) DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.) DRV - (ACEDRV06) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH) DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys () DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.) DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Labtec Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Labtec Inc.) DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LHidPPKE) -- C:\WINDOWS\system32\drivers\LHidPPKE.Sys (Logitech, Inc.) DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS () DRV - (w70n51) Controlador Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation) DRV - (WLAN) -- C:\WINDOWS\system32\drivers\WLANNDS.sys (Red Inalámbrica Local) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\lmouflt2.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.) DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation) DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.) 
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS () DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (MMRTKRNL) -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys (ALCATech GmbH) DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.) DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation) DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation) DRV - (MarxDev3) -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS () DRV - (MarxDev2) -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS () DRV - (MarxDev1) -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS () DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) IE - HKU\.DEFAULT\..\URLSearchHook: {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sh-spion.de/ IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Archivos de programa\ICQToolbar\toolbaru.dll (IE Toolbar) IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\URLSearchHook: {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011.04.02 10:36:51 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011.03.27 08:32:54 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Archivos de programa\Mozilla Thunderbird\components [2011.03.26 16:56:44 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Archivos de programa\Mozilla Thunderbird\plugins [2010.04.30 17:24:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Extensions [2010.04.30 17:24:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.03.13 12:02:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions [2010.03.13 12:02:17 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.13 12:02:13 | 000,000,000 | -H-D | M] (PinkHope) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{333b42b0-9c75-11db-b606-0800200c9a66} [2010.03.13 12:02:13 | 000,000,000 | -H-D | M] (Aquatint Black Gloss) -- C:\Documents and 
Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2010.03.13 12:02:11 | 000,000,000 | -H-D | M] (IE Tab) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.03.13 12:02:07 | 000,000,000 | -H-D | M] (FoxClocks) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010.03.13 12:02:07 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.13 12:02:07 | 000,000,000 | -H-D | M] (Pink Fox) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66} [2010.03.13 12:02:19 | 000,000,000 | -H-D | M] (Flashbug) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\flashbug@coursevector.com [2010.03.13 12:02:17 | 000,000,000 | -H-D | M] (NewTabURL) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\newtaburl@sogame.cat [2010.03.13 12:02:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions [2010.03.13 12:02:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions\CVS [2011.04.18 19:32:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de 
programa\Mozilla\Firefox\Profiles\nk4rinlt.Nino\extensions [2010.07.10 23:32:42 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\nk4rinlt.Nino\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.09 11:39:28 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\nk4rinlt.Nino\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.24 20:25:03 | 000,000,000 | -H-D | M] (FoxClocks) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\nk4rinlt.Nino\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010.03.13 12:16:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\ugbbe8lq.Nina1\extensions [2010.03.13 12:16:14 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\ugbbe8lq.Nina1\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.18 19:32:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions [2010.03.08 12:24:04 | 000,103,168 | -H-- | M] (Midasplayer Ltd) -- C:\Archivos de programa\Mozilla Firefox\plugins\npmidas.dll [2011.03.27 08:32:37 | 000,001,392 | -H-- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.27 08:32:37 | 000,002,344 | -H-- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.27 08:32:38 | 000,006,805 | -H-- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.27 08:32:38 | 000,001,178 | -H-- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.27 08:32:38 | 000,001,105 | -H-- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: 
([2002.09.10 05:00:00 | 000,000,792 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Archivos de programa\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Archivos de programa\ICQToolbar\toolbaru.dll (IE Toolbar) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (i-Nav IDN Resolver) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Archivos de programa\ICQToolbar\toolbaru.dll (IE Toolbar) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Archivos de programa\ICQToolbar\toolbaru.dll (IE Toolbar) O3 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Archivos de programa\ICQToolbar\toolbaru.dll (IE Toolbar) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [BMMGAG] C:\Archivos de programa\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Archivos de programa\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.) 
O4 - HKLM..\Run: [QCWLICON] C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE () O4 - HKLM..\Run: [Realtime Audio Engine] File not found O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe () O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [Start RF Wireless Mouse] File not found O4 - HKLM..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [tgcmd] File not found O4 - HKLM..\Run: [TPHOTKEY] C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Archivos de programa\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.) O4 - HKLM..\Run: [TPTRAY] C:\Archivos de programa\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKLM..\Run: [UC_SMB] File not found O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Archivos de programa\MySpace\IM\MySpaceIM.exe () O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Archivos de programa\MySpace\IM\MySpaceIM.exe () O4 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004..\Run: [ICQ] C:\Archivos de programa\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004..\Run: [LDM] File not found O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Archivos de programa\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Archivos de programa\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Ayuda de i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - File not found O9 - Extra 'Tools' menuitem : Ayuda de i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - File not found O9 - Extra 'Tools' menuitem : Opciones de i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Archivos de programa\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-3223205443-1629879421-2787705077-1004\..Trusted Domains: ([]msn in Mi PC) O16 - DPF: {08EC5265-BFFB-48C1-8B3B-B96B19921616} https://www.fotoprix.es/ReveladoOnline/SetupReveladoOnline.exe (ReveladoOnlineX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} hxxp://www.cult3d.com/download/cult.cab (Cult3D ActiveX Player) O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} hxxp://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab (DownloadManager Control) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} hxxp://software-dl.real.com/073fd2f710ba77344305/netzip/RdxIE601_es.cab (RdxIE Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTServ: DllName - C:\Archivos de programa\Archivos comunes\Logitech\Bluetooth\lbtserv.dll - C:\Archivos de programa\Archivos comunes\Logitech\Bluetooth\LBTServ.dll (Logitech Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Martina Reich\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Martina Reich\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.18 02:48:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{528b6c12-e417-11dd-8c7c-00061bdf2c2e}\Shell - "" = AutoRun
O33 - MountPoints2\{528b6c12-e417-11dd-8c7c-00061bdf2c2e}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{749bf1e0-c07f-11d8-8450-00061bdf2c2e}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Action Manager 32.lnk - C:\Archivos de programa\ScannerU\AM32.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GlobeTrotter Connect.lnk - C:\Archivos de programa\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe - (Orange_ES)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Logitech Desktop Messenger Agent.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Logitech SetPoint.lnk - C:\Archivos de programa\Logitech\SetPoint\KEM.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^NETGEAR WPN111 Smart Wizard.lnk - C:\Archivos de programa\NETGEAR\WPN111\WPN111.exe - (NETGEAR)
MsConfig - StartUpFolder: C:^Documents and Settings^Martina Reich^Menú Inicio^Programas^Inicio^VolvicTrinkWecker.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Archivos de programa\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
MsConfig - StartUpReg: ibmmessages - hkey= - key= - C:\Archivos de programa\IBM\Messages By IBM\ibmmessages.exe (IBM)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig - StartUpReg: Logitech Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: WLANSTA.EXE - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Paquete para exploración sin conexión
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ayuda de Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Herramientas de instalación de Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Mejoras en la exploración
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acceso al sitio de MSN
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Enlace dinámico de datos HTML
ActiveX: {9B2C0871-098C-4102-109C-3F59DBD15935} - Internet Explorer
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fuentes principales de Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ayuda de HTML
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\Documents and Settings\Martina Reich\Escritorio\Dr Alban .
[2011.04.18 21:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Martina Reich\Recent
[2011.04.18 21:43:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Martina Reich\Datos de programa\Malwarebytes
[2011.04.18 21:43:22 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.18 21:43:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2011.04.18 21:43:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2011.04.18 21:43:12 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.18 21:43:10 | 000,000,000 | -H-D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011.04.18 21:41:59 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Martina Reich\Escritorio\mbam-setup-1.50.1.1100.exe
[2011.04.15 07:52:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Martina Reich\Mis documentos\prüf
[2011.03.31 12:54:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\ICQ7.4
[2011.03.31 12:52:38 | 000,000,000 | -H-D | C] -- C:\Archivos de programa\ICQ7.4
[2011.03.27 09:34:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Martina Reich\Datos de programa\WinRAR
[2011.03.27 09:17:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\JDownloader
[2011.03.27 09:16:00 | 000,000,000 | -H-D | C] -- C:\Archivos de programa\JDownloader
[2008.09.11 15:49:01 | 000,147,456 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008.09.11 15:49:01 | 000,061,440 | -H-- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008.09.11 15:49:01 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008.09.11 15:49:01 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2008.03.06 20:17:39 | 005,828,544 | -H-- | C] (Mozilla) -- C:\Archivos de programa\Firefox Setup 2.0.0.12.exe
[2005.05.22 23:33:39 | 021,904,216 | -H-- | C] (Apple Computer, Inc. ) -- C:\Archivos de programa\iTunesSetup.exe
[2005.04.28 14:30:47 | 000,724,960 | -H-- | C] (RealVNC Ltd. ) -- C:\Archivos de programa\vnc-4_1_1-x86_win32.exe
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Martina Reich\*.tmp files -> C:\Documents and Settings\Martina Reich\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
File not found -- C:\Documents and Settings\Martina Reich\Escritorio\Dr Alban .
[2011.04.19 17:15:06 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 06:10:43 | 000,002,278 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.19 06:10:02 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 06:09:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.19 06:07:52 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011.04.18 21:43:24 | 000,000,844 | -H-- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011.04.18 21:42:13 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Martina Reich\Escritorio\mbam-setup-1.50.1.1100.exe
[2011.04.16 14:11:04 | 000,329,888 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.16 12:32:05 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.16 12:09:23 | 000,498,798 | -H-- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011.04.16 12:09:23 | 000,435,594 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.16 12:09:23 | 000,086,880 | -H-- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011.04.16 12:09:23 | 000,068,490 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.06 20:22:02 | 000,028,132 | -H-- | M] () -- C:\Documents and Settings\Martina Reich\Escritorio\jacke.JPG
[2011.03.31 12:54:26 | 000,001,561 | -H-- | M] () -- C:\Documents and Settings\All Users\Escritorio\ICQ7.4.lnk
[2011.03.27 09:17:13 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\All Users\Escritorio\JDownloader.lnk
[2011.03.23 12:34:51 | 000,040,960 | -H-- | M] () -- C:\Documents and Settings\Martina Reich\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Martina Reich\*.tmp files -> C:\Documents and Settings\Martina Reich\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.04.19 06:07:53 | 000,002,363 | -H-- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk
[2011.04.19 06:07:52 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk
[2011.04.18 21:43:24 | 000,000,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011.04.06 20:22:01 | 000,028,132 | -H-- | C] () -- C:\Documents and Settings\Martina Reich\Escritorio\jacke.JPG
[2011.03.31 12:54:26 | 000,001,561 | -H-- | C] () -- C:\Documents and Settings\All Users\Escritorio\ICQ7.4.lnk
[2011.03.27 09:17:13 | 000,000,815 | -H-- | C] () -- C:\Documents and Settings\All Users\Escritorio\JDownloader.lnk
[2010.12.28 05:14:53 | 000,032,608 | -H-- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010.05.10 21:55:08 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\eplan.ini
[2010.03.13 13:48:39 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010.03.13 13:48:39 | 000,002,412 | -H-- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009.05.03 14:15:18 | 000,051,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008.10.27 11:41:15 | 000,192,512 | RH-- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008.10.27 11:41:15 | 000,149,392 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008.10.27 11:41:14 | 000,651,264 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008.10.27 11:41:14 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008.09.11 15:49:08 | 000,827,392 | -H-- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2008.09.11 15:49:08 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2008.09.11 15:49:07 | 000,015,498 | -H-- | C] () -- C:\WINDOWS\snpstd3.ini
[2008.06.24 20:34:54 | 000,006,812 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.06.24 20:23:29 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008.06.11 16:26:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.05.22 16:31:28 | 000,000,613 | -H-- | C] () -- C:\WINDOWS\if40le.ini
[2008.05.22 16:31:12 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008.05.22 16:29:39 | 000,002,997 | -H-- | C] () -- C:\WINDOWS\If42le.ini
[2008.05.22 16:29:38 | 000,000,241 | -H-- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2008.05.22 16:29:21 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008.05.22 16:28:52 | 000,000,403 | -H-- | C] () -- C:\WINDOWS\umxaddin.ini
[2008.03.31 15:36:01 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2008.03.31 15:36:01 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\rmctrl.exe
[2008.03.11 11:41:00 | 000,000,305 | -H-- | C] () -- C:\Documents and Settings\All Users\Datos de programa\addr_file.html
[2008.03.06 20:27:09 | 000,001,317 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.06 20:19:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.11.25 20:31:44 | 000,111,932 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006.11.25 20:31:44 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006.11.25 20:31:43 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2006.11.25 20:31:43 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2006.11.25 20:31:43 | 000,026,154 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006.11.25 20:31:43 | 000,024,903 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006.11.25 20:31:43 | 000,021,390 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006.11.25 20:31:43 | 000,020,148 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006.11.25 20:31:43 | 000,011,811 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006.11.25 20:31:43 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006.11.25 20:31:43 | 000,001,146 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006.11.25 20:31:43 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006.11.25 20:31:43 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006.11.25 20:31:43 | 000,001,136 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006.11.25 20:31:43 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006.11.25 20:31:43 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006.11.25 20:31:43 | 000,001,120 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006.11.25 20:31:43 | 000,001,107 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006.11.25 20:31:43 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006.11.25 20:26:16 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\CDE DX4000DEFGIPS.ini
[2006.09.06 16:08:02 | 000,819,200 | RH-- | C] () -- C:\WINDOWS\KochRun.exe
[2006.09.06 16:08:02 | 000,001,062 | RH-- | C] () -- C:\WINDOWS\KochRun.ini
[2006.09.06 16:00:47 | 000,000,068 | -H-- | C] () -- C:\WINDOWS\odbc_merge.INI
[2006.09.06 15:49:45 | 000,016,387 | -H-- | C] () -- C:\WINDOWS\German.ini
[2006.06.09 09:00:20 | 000,076,800 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2006.06.09 08:59:37 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006.06.09 08:59:37 | 000,000,260 | -H-- | C] () -- C:\WINDOWS\System32\IC32.INI
[2006.05.02 08:57:18 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2006.03.20 13:26:36 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\ZSHP2600.EXE
[2006.03.07 22:36:18 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\System32\Favorites.ini
[2006.01.26 13:23:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Wininit.ini
[2006.01.10 09:59:48 | 000,139,331 | -H-- | C] () -- C:\WINDOWS\System32\AVS.dll
[2006.01.10 09:59:48 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\AVSReub.exe
[2006.01.10 09:59:48 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\AVSTabla.dll
[2005.12.12 02:50:01 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\homeDVD-Fotos4_dlx.INI
[2005.06.01 04:46:30 | 011,210,752 | -H-- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2005.06.01 04:46:30 | 000,749,568 | -H-- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2005.06.01 04:46:30 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2005.06.01 04:46:30 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2005.03.16 11:51:17 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2005.03.16 11:51:17 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2005.03.16 11:51:17 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2005.03.16 11:51:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.02.16 20:58:28 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005.02.16 20:58:28 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0100CDE72B.sys
[2005.02.02 13:42:40 | 000,000,112 | -H-- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004.10.25 14:19:42 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2004.09.20 10:06:28 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.09 23:10:36 | 000,046,128 | -H-- | C] () -- C:\WINDOWS\System32\DLLPRF32.DAT
[2004.08.07 15:09:35 | 000,000,284 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2004.08.05 12:53:12 | 000,040,960 | -H-- | C] () -- C:\Documents and Settings\Martina Reich\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.08.03 22:15:22 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\homeDVD-Fotos2.INI
[2004.08.03 22:10:25 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004.08.03 22:07:03 | 000,000,182 | -H-- | C] () -- C:\WINDOWS\magix.ini
[2004.08.03 22:06:58 | 000,001,010 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004.07.26 18:38:11 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2004.07.05 12:45:19 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\warhead.ini
[2004.06.18 11:40:57 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2004.06.18 11:39:55 | 000,000,191 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2004.06.08 18:39:32 | 000,000,612 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2004.06.07 20:30:18 | 006,609,800 | -H-- | C] () -- C:\Archivos de programa\psa2se_esp.exe
[2004.06.04 04:26:55 | 000,000,379 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004.03.19 15:24:20 | 000,002,954 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.03.19 15:03:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004.03.19 15:02:40 | 000,001,112 | -H-- | C] () -- C:\WINDOWS\System32\PX.INI
[2004.03.19 14:56:50 | 000,000,225 | -H-- | C] () -- C:\WINDOWS\Welcome.ini
[2004.03.19 14:49:47 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2004.03.19 14:49:23 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004.03.19 14:48:54 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2004.03.19 14:48:44 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\QCONSVC.EXE
[2004.03.19 14:48:44 | 000,002,295 | -H-- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004.03.19 14:48:00 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\_tpiu000.exe
[2003.04.11 14:14:14 | 000,005,827 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.11.15 01:14:28 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002.10.02 12:06:04 | 000,000,834 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2002.10.02 11:55:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002.10.02 11:45:31 | 000,021,900 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002.10.02 11:38:52 | 000,004,207 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.10.02 11:37:59 | 000,329,888 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002.01.21 14:48:12 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\desktopset.exe
[2001.08.23 07:26:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001.08.23 07:24:30 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1999.01.27 13:39:06 | 000,065,024 | -H-- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999.01.26 23:00:00 | 000,114,816 | -H-- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1997.06.13 07:56:08 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980.01.01 00:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980.01.01 00:00:00 | 000,498,798 | -H-- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[1980.01.01 00:00:00 | 000,435,594 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980.01.01 00:00:00 | 000,317,534 | -H-- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[1980.01.01 00:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980.01.01 00:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980.01.01 00:00:00 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980.01.01 00:00:00 | 000,086,880 | -H-- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[1980.01.01 00:00:00 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980.01.01 00:00:00 | 000,068,490 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980.01.01 00:00:00 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980.01.01 00:00:00 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980.01.01 00:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[1980.01.01 00:00:00 | 000,036,284 | -H-- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[1980.01.01 00:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980.01.01 00:00:00 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980.01.01 00:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980.01.01 00:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========
[2008.03.07 00:33:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\BufferZone
[2004.06.08 18:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\BVRP Software
[2009.12.28 20:59:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\CanonBJ
[2004.03.19 14:57:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\ibm
[2010.03.13 13:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\LGMOBILEAX
[2004.07.20 13:40:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\MSScanAppDataDir
[2010.06.15 21:06:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\TechSmith
[2010.05.01 11:13:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2006.11.25 20:35:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\UDL
[2010.05.01 11:09:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.12.23 10:30:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Amazon
[2009.04.05 09:50:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Ashampoo
[2008.03.19 15:15:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\DeepBurner
[2007.01.05 02:08:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\EPSON
[2008.03.11 17:48:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\GMX
[2004.07.15 12:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\IBM
[2011.04.19 16:28:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\ICQ
[2008.02.08 00:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\ICQ Toolbar
[2004.06.08 22:10:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Leadertech
[2009.12.23 11:06:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\LG Electronics
[2009.01.20 13:09:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\LGSync
[2006.01.16 00:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\MAGIX
[2008.11.05 16:06:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\OpenOffice.org
[2009.10.28 10:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\phonostar-Player
[2007.01.08 22:48:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\sueddeutsche.de Bildschirmschoner
[2010.04.30 17:24:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Thunderbird
[2010.05.01 11:14:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\TuneUp Software
[2007.11.08 10:13:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\webex
[2008.02.14 19:39:28 | 000,000,554 | -H-- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.08.09 10:58:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.09.29 21:32:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Adobe
[2008.07.06 18:52:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\AdobeUM
[2009.12.23 10:30:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Amazon
[2005.05.22 23:36:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Apple Computer
[2009.04.05 09:50:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Ashampoo
[2005.02.16 20:58:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Corel
[2008.03.19 15:15:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\DeepBurner
[2005.02.16 20:11:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Download Manager
[2010.05.14 18:55:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\dvdcss
[2007.01.05 02:08:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\EPSON
[2008.03.11 17:48:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\GMX
[2008.03.21 19:16:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Google
[2004.06.30 11:33:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Help
[2004.07.15 12:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\IBM
[2011.04.19 16:28:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\ICQ
[2008.02.08 00:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\ICQ Toolbar
[2002.10.02 11:57:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Identities
[2008.02.07 23:50:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\InstallShield
[2004.06.08 22:10:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Leadertech
[2009.12.23 11:06:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\LG Electronics
[2009.01.20 13:09:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\LGSync
[2004.06.21 17:46:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Logitech
[2004.07.30 11:38:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Macromedia
[2006.01.16 00:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\MAGIX
[2011.04.18 21:43:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Malwarebytes
[2008.10.20 17:55:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Microsoft
[2008.08.27 20:49:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla
[2009.08.09 09:19:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\MSN6
[2007.07.27 19:49:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\MySpace
[2008.11.05 16:06:22 | 
000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\OpenOffice.org [2009.10.28 10:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\phonostar-Player [2005.02.17 20:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Real [2006.06.10 17:46:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Roxio [2011.04.07 19:17:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Skype [2011.04.07 16:00:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\skypePM [2006.09.09 22:33:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Sony Corporation [2007.02.04 02:26:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\SopCast [2007.01.08 22:48:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\sueddeutsche.de Bildschirmschoner [2008.03.06 23:21:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Sun [2004.06.04 04:30:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Symantec [2010.04.30 17:24:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Thunderbird [2010.05.01 11:14:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\TuneUp Software [2010.09.20 22:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\vlc [2007.11.08 10:13:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\webex [2011.03.27 09:34:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\WinRAR [2010.01.28 19:06:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martina Reich\Datos de programa\Yahoo! 
< %APPDATA%\*.exe /s > [2008.04.11 15:08:00 | 021,277,080 | -H-- | M] ( ) -- C:\Documents and Settings\Martina Reich\Datos de programa\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe [2011.04.17 09:04:01 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Martina Reich\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.11.09 23:00:39 | 000,007,358 | RH-- | M] () -- C:\Documents and Settings\Martina Reich\Datos de programa\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe [2010.11.09 23:00:39 | 000,007,358 | RH-- | M] () -- C:\Documents and Settings\Martina Reich\Datos de programa\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe [2010.02.19 20:31:44 | 000,029,344 | -H-- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\50aazo9u.Nina\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe [2009.02.16 22:45:09 | 007,049,336 | -H-- | M] (MySpace Inc.) 
-- C:\Documents and Settings\Martina Reich\Datos de programa\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-de-A.exe [2007.02.04 02:25:54 | 000,260,944 | -H-- | M] (www.sopcast.com) -- C:\Documents and Settings\Martina Reich\Datos de programa\SopCast\adv\SopAdver.exe < %SYSTEMDRIVE%\*.exe > [2005.11.29 14:51:59 | 000,731,116 | -H-- | M] ( ) -- C:\SudokuJESSetup3.3.exe [2001.05.24 13:59:30 | 000,162,304 | -H-- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.09.23 10:38:03 | 022,285,982 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.12.18 11:32:09 | 023,895,938 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.09.23 10:38:03 | 022,285,982 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.12.18 11:32:09 | 023,895,938 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 08:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2002.09.10 05:00:00 | 010,180,710 | -H-- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys [2002.09.10 05:00:00 | 010,180,710 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.09.23 10:38:03 | 022,285,982 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.12.18 11:32:09 | 023,895,938 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.09.23 10:38:03 | 022,285,982 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.12.18 11:32:09 | 023,895,938 | -H-- | M] () .cab file 
-- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:18:21 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:18:21 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll [2004.08.20 00:42:07 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 04:18:57 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe [2008.04.14 04:18:57 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004.08.20 00:42:46 | 001,034,752 | -H-- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:53 | 001,035,776 | -H-- | M] (Microsoft Corporation) MD5=DBB6B75CC6CB2CF8EC0BAFCA08AED6BE -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 15:22:28 | 001,035,776 | -H-- | M] (Microsoft Corporation) MD5=F8DDB22B6EFC5E630D65E241074C2404 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2004.08.20 00:42:18 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008.04.14 
04:18:28 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:18:28 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:18:35 | 000,185,856 | -H-- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:18:35 | 000,185,856 | -H-- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll [2004.08.20 00:42:22 | 000,184,832 | -H-- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:50:25 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=237FB93C6B4330D8EE7D2448CF71C5ED -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2005.03.02 20:20:22 | 000,578,048 | -H-- | M] (Microsoft Corporation) MD5=37CE819E8ECB3517B9981A886876EF72 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.20 00:42:27 | 000,578,048 | -H-- | M] (Microsoft Corporation) MD5=5D5C9CC377A70D036816E7EA55F3CA73 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2002.11.22 12:31:18 | 000,529,920 | -H-- | M] (Microsoft Corporation) MD5=85049DCB2C2FD979B895EB0EF944EA9B -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll [2008.04.14 04:18:45 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:18:45 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\system32\user32.dll [2005.03.02 20:10:34 | 000,578,048 | -H-- | M] (Microsoft Corporation) MD5=DDA46F3DBCF32727E93976B09FBB0E83 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=FED9881C07A301271F52B51389A028C9 -- 
C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2004.08.20 00:43:13 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 04:19:14 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:19:14 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 04:19:15 | 000,510,976 | -H-- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:19:15 | 000,510,976 | -H-- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe [2004.08.20 00:43:15 | 000,505,344 | -H-- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002.09.10 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2002.10.02 11:37:30 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav [2002.10.02 11:37:30 | 000,634,880 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav [2002.10.02 11:37:30 | 000,430,080 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
19.04.2011, 16:49 | #3 |
| TR/kazy.mekml.1 OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 19.04.2011 17:00:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Martina Reich\Mis documentos\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 152,00 Mb Available Physical Memory | 30,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa Drive C: | 52,83 Gb Total Space | 4,05 Gb Free Space | 7,67% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: NINA | User Name: Martina Reich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .scr [@ = scrfile] -- "%1" /S %* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "FirewallOverride" = 0 "AntiVirusOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaAntiVirus] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "5900:TCP" = 5900:TCP:*:Enabled:acceso antonio martin "80:TCP" = 80:TCP:*:Enabled:internet "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "C:\Archivos de programa\Windows Live\Messenger\livecall.exe" = C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "C:\Archivos de programa\ICQ7.4\ICQ.exe" = C:\Archivos de programa\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" = C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Archivos de programa\GMX\GMX SMS-Manager\SMSMngr.exe" = C:\Archivos de programa\GMX\GMX SMS-Manager\SMSMngr.exe:*:Enabled:GMX SMS-Manager -- (1&1 Internet AG) "C:\Archivos de programa\MySpace\IM\MySpaceIM.exe" = C:\Archivos de programa\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- () "C:\Archivos de programa\ICQ7.4\ICQ.exe" = C:\Archivos de programa\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Programa de utilidad de personalización del teclado de IBM ThinkPad "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236022CE-C413-474F-98FF-4E9FE19D54E1}" = Logitech Media Desktop "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1 "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision "{5265664F-6128-405C-9225-9782A85954FD}" = Plustek USB Scanner "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75 "{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3 "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{5C8C8D88-A35C-4CF1-99F3-76256195C2B1}" = Red Inalámbrica Local 802.11b WLAN para Windows "{5EAF9A83-3B91-45BF-8F2D-990BBEBDC9AB}" = Intel(R) Sebring API 
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes "{7109B88E-46F0-EEC2-BFAC-81440CFDAE52}" = Volvic Trink-Wecker "{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = Asistente de IBM ThinkPad UltraNav "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90300C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{91CA0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update "{AC76BA86-1033-F400-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG 
USB Modem Driver "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm "{D974EE78-6760-4F8B-A93E-E17FFB8EDDAC}" = GlobeTrotter Connect "{D9EDF47B-533C-468E-A6CD-0A29045A01E5}" = Aplicación Verificación Firma e-Factura "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Paquete de controladores de Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Access IBM Tools" = Access IBM Tools "Adobe Acrobat 7.0 Standard - English, Français, Deutsch" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.01 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "de.volvic.air.drinkreminder.92830DA63F1B23B0F9D267537DCF78B72BB95C17.1" = Volvic Trink-Wecker "EasyEject Utility" = Programa de utilidad EasyEject de IBM ThinkPad "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900 "GMX SMS-Manager" = GMX SMS-Manager "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "i-nav" = VeriSign i-Nav and Components "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "Intellisync Lite Connected Organizers V4.0" = Intellisync Lite "JDownloader" = JDownloader "king.com" = king.com (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET 
Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "MySpaceIM" = MySpaceIM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Picasa 3" = Picasa 3 "Power Features" = Características Maximizador de batería y Gestión de energía "Power Management Driver" = IBM ThinkPad Power Management Driver "Presentation Director" = Director de presentaciones de IBM ThinkPad "PROSet" = Intel(R) PRO Network Adapters and Drivers "QcDrv" = Labtec® Camera-Treiber "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "SnagIt7" = SnagIt 7 "SopCast" = SopCast 1.1.1 "sueddeutsche.de-Screensaver ScreenSaver" = sueddeutsche.de-Screensaver ScreenSaver "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver "ThinkPad Configuration" = Configuración de IBM ThinkPad "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "ThinkPadSoftwareInstaller" = Instalador de software de ThinkPad "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XMedia Recode" = XMedia Recode 2.0.5.6 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "Yahoo! Messenger" = Yahoo! 
Messenger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2011 14:36:56 | Computer Name = NINA | Source = Application Error | ID = 1000 Description = Aplicación con errores: plugin-container.exe, versión: 1.9.2.3989, módulo con error: ntdll.dll, versión 5.1.2600.6055, dirección de error 0x0000100b. Error - 20.03.2011 10:49:17 | Computer Name = NINA | Source = WmiAdapter | ID = 4099 Description = Error al abrir el servicio. Error - 29.03.2011 09:29:17 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: AcroRd32.exe, versión 7.0.8.218, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. Error - 02.04.2011 03:00:17 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: iexplore.exe, versión 6.0.2900.5512, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. Error - 03.04.2011 02:51:23 | Computer Name = NINA | Source = Application Error | ID = 1000 Description = Aplicación con errores: update.exe, versión: 9.0.0.54, módulo con error: msvcr90.dll, versión 9.0.30729.1, dirección de error 0x000371e2. Error - 09.04.2011 08:43:48 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: AcroRd32.exe, versión 7.0.8.218, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. Error - 16.04.2011 04:37:55 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: thunderbird.exe, versión 1.9.2.4079, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. Error - 17.04.2011 03:05:43 | Computer Name = NINA | Source = MsiInstaller | ID = 11704 Description = Product: Adobe AIR -- Error 1704. An installation for Microsoft Office Small Business Edition 2003 is currently suspended. 
You must undo the changes made by that installation to continue. Do you want to undo those changes? Error - 18.04.2011 15:00:14 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: VolvicTrinkWecker.exe, versión 0.0.0.0, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. Error - 18.04.2011 15:00:14 | Computer Name = NINA | Source = Application Hang | ID = 1002 Description = Aplicación que no responde: VolvicTrinkWecker.exe, versión 0.0.0.0, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000. [ System Events ] Error - 17.04.2011 23:50:45 | Computer Name = NINA | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio Netman. Error - 18.04.2011 13:19:07 | Computer Name = NINA | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio GtFlashSwitch. Error - 18.04.2011 13:20:00 | Computer Name = NINA | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio stisvc. Error - 18.04.2011 23:53:36 | Computer Name = NINA | Source = SRService | ID = 104 Description = Error en el proceso de inicialización de Restaurar sistema. Error - 18.04.2011 23:53:57 | Computer Name = NINA | Source = Service Control Manager | ID = 7023 Description = El servicio Servicio de restauración de sistema terminó con el error: %%5 Error - 19.04.2011 00:10:03 | Computer Name = NINA | Source = SRService | ID = 104 Description = Error en el proceso de inicialización de Restaurar sistema. 
Error - 19.04.2011 00:10:07 | Computer Name = NINA | Source = Service Control Manager | ID = 7023 Description = El servicio Servicio de restauración de sistema terminó con el error: %%5 Error - 19.04.2011 10:13:58 | Computer Name = NINA | Source = Service Control Manager | ID = 7011 Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio Netman. Error - 19.04.2011 11:05:55 | Computer Name = NINA | Source = SRService | ID = 104 Description = Error en el proceso de inicialización de Restaurar sistema. Error - 19.04.2011 11:05:57 | Computer Name = NINA | Source = Service Control Manager | ID = 7023 Description = El servicio Servicio de restauración de sistema terminó con el error: %%5 < End of report > |
19.04.2011, 16:53 | #4 |
/// Malware-holic | TR/kazy.mekml.1 Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.04.2011, 17:03 | #5 |
| TR/kazy.mekml.1 Whoa, well, let's see whether I can manage that... See you later then and |
19.04.2011, 17:57 | #6 |
| TR/kazy.mekml.1 There, done! ComboFix log file: Code:
ATTFilter ComboFix 11-04-19.01 - Martina Reich 19.04.2011 18:22:38.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.3082.18.511.322 [GMT 2:00] ausgeführt von:: c:\documents and settings\Martina Reich\Escritorio\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\archivos de programa\Internet Explorer\SET44.tmp c:\archivos de programa\Internet Explorer\SET45.tmp c:\archivos de programa\Internet Explorer\SET47.tmp c:\documents and settings\Administrador\WINDOWS c:\documents and settings\Default User\WINDOWS c:\documents and settings\Martina Reich\WINDOWS c:\windows\Downloaded Program Files\RdXIe.dll c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\drivers\lmpscv.sys . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_okewdl . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-19 bis 2011-04-19 )))))))))))))))))))))))))))))) . . 2011-04-18 19:43 . 2011-04-18 19:43 -------- d--h--w- c:\documents and settings\Martina Reich\Datos de programa\Malwarebytes 2011-04-18 19:43 . 2010-12-20 16:09 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-18 19:43 . 2011-04-18 19:43 -------- d--h--w- c:\documents and settings\All Users\Datos de programa\Malwarebytes 2011-04-18 19:43 . 2010-12-20 16:08 20952 ---ha-w- c:\windows\system32\drivers\mbam.sys 2011-04-18 19:43 . 2011-04-18 19:43 -------- d--h--w- c:\archivos de programa\Malwarebytes' Anti-Malware 2011-03-31 10:52 . 2011-03-31 10:56 -------- d--h--w- c:\archivos de programa\ICQ7.4 2011-03-27 07:16 . 2011-03-27 07:21 -------- d--h--w- c:\archivos de programa\JDownloader . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 
2004-06-07 12:19 692736 ---ha-w- c:\windows\system32\inetcomm.dll 2011-03-04 08:43 . 2002-02-26 12:58 434176 ---ha-w- c:\windows\system32\vbscript.dll 2011-03-03 13:53 . 1979-12-31 22:00 1858048 ---ha-w- c:\windows\system32\win32k.sys 2011-02-17 13:51 . 2004-08-19 22:42 81920 ---ha-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51 . 2004-02-06 16:08 669696 ---ha-w- c:\windows\system32\wininet.dll 2011-02-17 13:51 . 1979-12-31 22:00 61952 ---ha-w- c:\windows\system32\tdc.ocx 2011-02-17 13:50 . 2004-08-19 22:23 371200 ---ha-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 1979-12-31 22:00 455936 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 1979-12-31 22:00 357888 ---ha-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:54 . 2008-05-05 05:25 5632 ---ha-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 1979-12-31 22:00 290432 ---ha-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 1979-12-31 22:00 270848 ---ha-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 1979-12-31 22:00 186880 ---ha-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 1979-12-31 22:00 978944 ---ha-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 1979-12-31 22:00 974848 ---ha-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58 . 2002-10-02 09:44 2067456 ---ha-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2002-10-02 09:44 677888 ---ha-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 1979-12-31 22:00 441344 ---ha-w- c:\windows\system32\shimgvw.dll 2008-03-06 18:18 . 2008-03-06 18:17 5828544 -c-ha-w- c:\archivos de programa\Firefox Setup 2.0.0.12.exe 2005-05-22 21:34 . 2005-05-22 21:33 21904216 -c-ha-w- c:\archivos de programa\iTunesSetup.exe 2005-04-28 12:31 . 2005-04-28 12:30 724960 -c-ha-w- c:\archivos de programa\vnc-4_1_1-x86_win32.exe 2004-06-07 18:32 . 2004-06-07 18:30 6609800 -c-ha-w- c:\archivos de programa\psa2se_esp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\archivos de programa\ICQ7.4\ICQ.exe" [2011-03-31 119608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "S3TRAY2"="S3Tray2.exe" [2001-10-11 69632] "SynTPLpr"="c:\archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2003-07-31 110592] "SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2003-07-31 512000] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "TPHOTKEY"="c:\archiv~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 94208] "QCWLICON"="c:\archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248] "TPTRAY"="c:\archiv~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-10-31 49152] "TPKMAPHELPER"="c:\archivos de programa\ThinkPad\Utilities\TpKmapAp.exe" [2003-08-08 897024] "EZEJMNAP"="c:\archiv~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-11-01 204800] "AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751] "ATIPTA"="c:\archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-29 315392] "BMMGAG"="c:\archiv~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-10-31 64000] "RemoteControl"="c:\windows\system32\rmctrl.exe" [2001-11-09 32768] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2005-05-22 98304] "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968] "CanonSolutionMenu"="c:\archivos de programa\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="c:\archivos de programa\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "MySpaceIM"="c:\archivos de programa\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968] . c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000002}\SC_Acrobat.exe [2005-2-17 25214] Adobe Reader Speed Launch.lnk - c:\archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ] 2003-10-08 23:02 1064960 ---ha-w- c:\archivos de programa\Archivos comunes\Logitech\Bluetooth\LBTServ.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Action Manager 32.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Action Manager 32.lnk backup=c:\windows\pss\Action Manager 32.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^GlobeTrotter Connect.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\GlobeTrotter Connect.lnk backup=c:\windows\pss\GlobeTrotter Connect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Logitech Desktop Messenger Agent.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Logitech Desktop Messenger Agent.lnk backup=c:\windows\pss\Logitech Desktop Messenger Agent.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^NETGEAR WPN111 Smart Wizard.lnk] path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\NETGEAR WPN111 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Martina Reich^Menú Inicio^Programas^Inicio^VolvicTrinkWecker.lnk] path=c:\documents and settings\Martina Reich\Menú Inicio\Programas\Inicio\VolvicTrinkWecker.lnk backup=c:\windows\pss\VolvicTrinkWecker.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLANSTA.EXE] WLANSTA.EXE START [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2004-12-14 01:12 483328 ---ha-w- c:\archivos de programa\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2007-02-02 16:26 283136 ---ha-w- c:\archivos de programa\avmwlanstick\FRITZWLANMini.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] 2003-01-07 12:52 495616 ---ha-w- c:\archivos de programa\IBM\Messages By IBM\ibmmessages.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] 2003-09-19 11:17 25088 ---ha-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-11-10 14:39 5244216 ---ha-w- c:\archiv~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-28 22:58 149280 ---ha-w- c:\archivos de programa\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-05-29 07:25 68856 ---ha-w- c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 14:45 313472 ---ha-r- c:\archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Archivos de programa\\GMX\\GMX SMS-Manager\\SMSMngr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Archivos de programa\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"= "c:\\Archivos de programa\\ICQ7.4\\ICQ.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "5900:TCP"= 5900:TCP:acceso antonio martin . R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [09.06.2006 09:00 76800] R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [19.03.2004 14:48 12288] R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [06.09.2006 15:50 99840] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [28.10.2009 11:24 108289] R2 GtFlashSwitch;GtFlashSwitch;c:\archivos de programa\Archivos comunes\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 14:48 176128] R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [16.03.2005 11:51 8864] R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [16.03.2005 11:51 8864] R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [16.03.2005 11:51 8864] R2 navi;VeriSign Updater;c:\archivos de programa\VeriSign\NAVI\naviagent.exe uimode=agentupdate --> c:\archivos de programa\VeriSign\NAVI\naviagent.exe uimode=agentupdate [?] 
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [13.03.2010 11:43 135664] S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [27.10.2008 11:41 17149] S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [13.03.2010 13:51 16896] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [15.01.2007 18:48 122240] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [15.01.2007 18:48 36992] S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [21.06.2004 17:04 22536] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?] S3 WLAN;Red Inalámbrica Local 802.11b WLAN Driver;c:\windows\system32\drivers\WLANNDS.sys [16.06.2004 11:28 613888] S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [27.10.2008 11:41 362944] S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys --> c:\windows\system32\Drivers\ZS211.sys [?] . Inhalt des "geplante Tasks" Ordners . 2008-02-14 c:\windows\Tasks\BMMTask.job - c:\archiv~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-03-19 23:31] . 2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-03-13 09:43] . 2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-03-13 09:43] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.sh-spion.de/ uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: In Adobe PDF konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\archivos de programa\ICQ7.4\ICQ.exe TCP: {7D80E3F2-655F-4EDE-AD5C-4575C55A019C} = 194.179.1.100,194.179.1.101 TCP: {A1E2710B-D314-4BF8-A14D-196137DBF65A} = 69.50.184.84,195.225.176.37 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - 
file://c:\windows\Java\classes\xmldso.cab DPF: {08EC5265-BFFB-48C1-8B3B-B96B19921616} - hxxps://www.fotoprix.es/ReveladoOnline/SetupReveladoOnline.exe DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - hxxp://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab FF - ProfilePath - c:\documents and settings\Martina Reich\Datos de programa\Mozilla\Firefox\Profiles\nk4rinlt.Nino\ FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: 
content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKCU-Run-LDM - c:\archivos de programa\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe HKLM-Run-UC_SMB - (no file) HKLM-Run-tgcmd - (no file) HKLM-Run-Start RF Wireless Mouse - c:\archivos de programa\RF Wireless Mouse\cm20.exe HKLM-Run-Realtime Audio Engine - mmrtkrnl.exe MSConfigStartUp-iTunesHelper - c:\archivos de programa\iTunes\iTunesHelper.exe MSConfigStartUp-MsnMsgr - c:\archivos de programa\Windows Live\Messenger\MsnMsgr.Exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-19 18:34 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "A0C0AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(876) c:\archivos de programa\Archivos comunes\Logitech\Bluetooth\lbtserv.dll c:\archivos de programa\Archivos comunes\Logitech\Bluetooth\lbtinte.dll . - - - - - - - > 'explorer.exe'(2084) c:\archiv~1\ThinkPad\UTILIT~1\pwrmonit.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\System32\S24EvMon.exe c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe c:\windows\System32\Ati2evxx.exe c:\archivos de programa\Java\jre6\bin\jqs.exe c:\archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe c:\archivos de programa\VeriSign\NAVI\naviagent.exe c:\windows\System32\QCONSVC.EXE c:\windows\System32\RegSrvc.exe c:\windows\system32\TpKmpSVC.exe c:\windows\system32\wscntfy.exe c:\archiv~1\VeriSign\NAVI\NAVICL~1.EXE c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe c:\archivos de programa\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe c:\windows\AGRSMMSG.exe c:\windows\system32\RunDll32.exe c:\windows\Logi_MwX.Exe . ************************************************************************** . Zeit der Fertigstellung: 2011-04-19 18:44:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-04-19 16:44 . Vor Suchlauf: 4.240.474.112 bytes libres Nach Suchlauf: 4.585.967.616 bytes libres . 
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 53D17E9474F07BA199543C8DA85DB045 |
19.04.2011, 18:04 | #7 |
/// Malware-holic | TR/kazy.mekml.1 Right-click the transparent files, Properties, untick "Hidden", Apply. Does that do it? |
19.04.2011, 18:10 | #8 |
| TR/kazy.mekml.1 Everything seems to be back to normal! Am I right in assuming that there is nothing worrying left on my laptop now? I had read that the trojan spies on passwords; can I, for example, use my online banking again now? In any case, a big THANK YOU for the help! |
19.04.2011, 18:24 | #9 |
/// Malware-holic | TR/kazy.mekml.1 You had a rogue on the system; it shows you fake warnings of all kinds. We'll keep checking a bit further. Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip this step. Install it, open it, Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary". After each one you don't need, "unnecessary". After each one you don't know, "unknown". Post the list. |
19.04.2011, 18:47 | #10 |
| TR/kazy.mekml.1 I didn't find that so easy... But I gave it my best try! And I have one more question: can you tell from any of this why, for months, I haven't been able to right-click on files, because Explorer then crashes?
Access IBM Tools IBM Corporation 4.0 necessary
Adobe Acrobat 7.0 Standard - English, Français, Deutsch Adobe Systems 7.0.0 necessary
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update Adobe Systems 7.0.3 necessary
Adobe AIR Adobe Systems Incorporated 2.6.0.19140 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.2.152.32 necessary
Adobe Reader 7.0.9 Adobe Systems Incorporated 7.0.9 necessary
Adobe Shockwave Player 11 Adobe Systems, Inc. 11 necessary
Agere Systems AC'97 Modem unknown
Aplicación Verificación Firma e-Factura unknown
Ashampoo ClipFinder HD 2.01 ashampoo GmbH & Co. KG 2.0.1 unnecessary
ATI Control Panel unknown
ATI Display Driver unknown
ATI HydraVision unknown
Avira AntiVir Personal - Free Antivirus Avira GmbH necessary
Canon iP3600 series Benutzerregistrierung necessary
Canon iP3600 series Printer Driver necessary
Canon Utilities Easy-PhotoPrint EX necessary
Canon Utilities My Printer necessary
Canon Utilities Solution Menu necessary
CCleaner Piriform 3.05 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 12.0.6514.5001 necessary
CrissCross 8.40 8.4.0.0 unnecessary
ESDX4000_4050_CX3900 unknown
GlobeTrotter Connect Option NV 2.1.0.420 unnecessary
GMX SMS-Manager necessary
Google Toolbar for Internet Explorer Google Inc. 6.6.1409.1944 unnecessary
IBM Themes IBM 1.00.0000 necessary
IBM ThinkPad Power Management Driver 1.25.01 necessary
IBM ThinkPad UltraNav Driver 7.5.17.5 necessary
ICQ7.4 ICQ 7.4 necessary
Infineon USB driver 1.0.0.6 Infineon unknown
Intel(R) PRO Network Adapters and Drivers unknown
Intel(R) Sebring API Intel 1.02.0000 unknown
Intellisync Lite unknown
Java(TM) 6 Update 17 Sun Microsystems, Inc. 6.0.170 necessary
JDownloader AppWork UG (haftungsbeschränkt) unnecessary
king.com (remove only) Midasplayer Ltd (king.com) unnecessary
Labtec® Camera-Treiber unnecessary
LG USB Modem Driver LG Electronics 4.9.7 unnecessary
Logitech Media Desktop 1.02 unnecessary
Logitech MouseWare 9.75 unnecessary
Logitech SetPoint 1.02 unnecessary
Malwarebytes' Anti-Malware Malwarebytes Corporation necessary
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 2.1.21022 probably necessary
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729 probably necessary
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 3.1.21022 probably necessary
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729 probably necessary
Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft Corporation probably necessary
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation probably necessary
Microsoft Data Access Components KB870669 Microsoft Corporation probably necessary
Microsoft Internationalized Domain Names Mitigation APIs Microsoft Corporation probably necessary
Microsoft National Language Support Downlevel APIs Microsoft Corporation probably necessary
Microsoft Office Small Business Edition 2003 Microsoft Corporation 11.0.8173.0 necessary
Microsoft Office XP Media Content Microsoft Corporation 10.0.2619.0 necessary
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation probably necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193 probably necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148 probably necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729 probably necessary
Mozilla Firefox (3.6.16) Mozilla 3.6.16 (de) necessary
Mozilla Thunderbird (3.1.9) Mozilla 3.1.9 (de) necessary
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 4.20.9841.0 unknown
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0 unknown
MySpaceIM MySpace.com 1.0.789.0 unnecessary
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 unnecessary
Paquete de controladores de Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Infineon Technologies 04/16/2009 1.0.0.6
Picasa 3 Google, Inc. 3.1 unknown
PIF DESIGNER unknown
Plustek USB Scanner necessary
PowerDVD unnecessary
QuickTime necessary
RealPlayer RealNetworks necessary
Red Inalámbrica Local 802.11b WLAN para Windows necessary
Skype™ 5.1 Skype Technologies S.A. 5.1.112 necessary
SnagIt 7 TechSmith Corporation 7.2 necessary
Snagit 9.1.3 TechSmith Corporation 9.1.3.16 necessary
SopCast 1.1.1 1.1.1 unknown
sueddeutsche.de-Screensaver ScreenSaver unnecessary
ThinkPad FullScreen Magnifier 1.10 probably necessary
Uninstall 1.0.0.1 unknown
USB Flash Port Driver Infineon Technologies 1.00.0000 probably necessary
USB PC Camera Plus Sonix 5.17.0.000 unknown
VeriSign i-Nav and Components VeriSign, Inc. 4.2.2 unknown
VLC media player 1.0.5 VideoLAN Team 1.0.5 necessary
Volvic Trink-Wecker Danone Waters Deutschland GmbH 1.0 unnecessary
Windows Media Format 11 runtime probably necessary
Windows Media Player 11 necessary
Windows Media Player Firefox Plugin Microsoft Corp 1.0.0.8 necessary
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514 probably necessary
WinRAR Archivierer necessary
XMedia Recode 2.0.5.6 Sebastian Dörfler 2.0.5.6 unnecessary
Yahoo! Messenger Yahoo! Inc. necessary |
19.04.2011, 18:54 | #11 |
/// Malware-holic | TR/kazy.mekml.1 Well, if you have been having problems with the PC for months, we should talk about setting it up from scratch and then securing it properly. That would probably be quite a good idea. |
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
19.04.2011, 18:57 | #12 |
| TR/kazy.mekml.1 The question is whether that is even worth it with this old machine... Maybe I should rather think about buying a new one. ;-) Do you think that, as far as the Trojan is concerned, everything is in order again for now? |
19.04.2011, 19:13 | #13 |
/// Malware-holic | TR/kazy.mekml.1 Well, when you set the system up from scratch, most systems get a bit of their speed back, because you free them from the junk of the years. avira http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 this way and then configure it. Once you have applied the configuration, update the program. Under Administration, Scheduler, scan job, please also make sure that the job runs over the local drives! Otherwise the settings will not take effect. Set the update job to once per day and select "catch up if the time has passed". Then click on "Local protection", "Local drives". Move any findings to quarantine and post the log.
|
19.04.2011, 20:16 | #14 |
| TR/kazy.mekml.1 Thank you so much for the help, a donation is on its way! I think it is really great that you can get such professional help here! |
19.04.2011, 20:26 | #15 |
/// Malware-holic | TR/kazy.mekml.1 Thanks, and no problem, but how do you want to proceed now?
|