Trojaner-Board - Facebookaccount gesperrt - Unbekannter Zugriff aus Japan

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Facebookaccount gesperrt - Unbekannter Zugriff aus Japan (https://www.trojaner-board.de/109318-facebookaccount-gesperrt-unbekannter-zugriff-japan.html)

Facebookaccount gesperrt - Unbekannter Zugriff aus Japan

Hallo Trojaner-Board

Ich habe eine Problem, denn ich weiß leider garnicht was los ist.
Von Facebook kam heute Mittag die Meldung das mein Facebook account vorrübergehend gesperrt worden ist. Wegen unbekanten Zurgriff aus Japan. Ich wusst natürlich das ich das nicht wahr. Deswegen hab ich Passwort geändert.
Nun frage ich mich ob ich nun einen Trojaner habe. Ich vermute es kann auch damit zusammenhängen das ich vor kurzem eine externe Festplatte angeschlossen habe und deswegen einen Virus bekommen habe.. Aber ich kann das ja nicht beurteilen, bitte helft mir :-).

Hier noch dds dateien...

Ich brauch wirklich Hilfe sonst bekomm ich noch richtig ärger. :-(

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e02baab5d846364e9df8c061623e007e

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-14 09:25:03

# local_time=2012-02-14 10:25:03 (+0100, W. Europe Standard Time)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 13856466 13856466 0 0

# compatibility_mode=8192 67108863 100 0 3767 3767 0 0

# scanned=70306

# found=2

# cleaned=0

# scan_time=4569

C:\Documents and Settings\Und so halt\Desktop\Sirius MT2\metin2client_Sirius_MT2.bin        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I

C:\Documents and Settings\Und so halt\My Documents\Downloads\SoftonicDownloader_fuer_simple-webcam-capture.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

14.02.2012 20:18:15

mbam-log-2012-02-14 (20-18-15).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 224449

Laufzeit: 1 Stunde(n), 22 Minute(n), 58 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 1
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\splash.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hier sind noch ältere logs aus malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

22.12.2010 19:11:24

mbam-log-2010-12-22 (19-11-24).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 126

Laufzeit: 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

09.12.2010 15:51:18

mbam-log-2010-12-09 (15-51-18).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 8197

Laufzeit: 3 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

09.12.2010 15:51:18

mbam-log-2010-12-09 (15-51-18).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 8197

Laufzeit: 3 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

08.12.2010 22:17:59

mbam-log-2010-12-08 (22-17-59).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 8843

Laufzeit: 3 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5214
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

29.11.2010 17:20:23

mbam-log-2010-11-29 (17-20-23).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 9206

Laufzeit: 4 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Ich hoffe ich habe alles richtig gemacht.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo, da öffnete sich auch extras.txt ich habe das einfach mal nicht hier rein gemacht weil du sagtest ich solle nur das OTL.text reinkopieren.

Code:

OTL logfile created on: 15.02.2012 12:30:21 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Und so halt\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1022,80 Mb Total Physical Memory | 713,84 Mb Available Physical Memory | 69,79% Memory free

2,41 Gb Paging File | 2,19 Gb Available in Paging File | 91,04% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,24 Gb Total Space | 9,82 Gb Free Space | 26,36% Space Free | Partition Type: NTFS

 

Computer Name: CYBERTRON | User Name: Und so halt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.15 12:29:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Und so halt\My Documents\Downloads\OTL.exe

PRC - [2012.01.21 21:43:51 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.7\ICQ.exe

PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe

PRC - [2002.09.20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.10 21:11:47 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll

MOD - [2011.11.03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2010.07.07 22:52:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll

MOD - [2010.07.07 22:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll

MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (McComponentHostService)

SRV - [2012.02.10 21:11:47 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)

SRV - [2009.12.16 18:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)

SRV - [2002.09.20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.03.29 16:04:42 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010.10.20 14:37:56 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010.10.16 08:20:56 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2010.10.11 12:41:37 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)

DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009.02.12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)

DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007.05.09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007.05.09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2007.01.29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2004.09.17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2004.09.14 10:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)

DRV - [2003.11.10 05:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)

DRV - [2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)

DRV - [2003.09.26 15:40:28 | 000,051,584 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)

DRV - [2002.05.02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

 

 

 

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031778

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

 

 

[2011.04.16 17:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Und so halt\Application Data\Mozilla\Extensions

[2010.06.11 16:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Und so halt\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011.04.10 11:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.03.30 16:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.08.21 11:04:40 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Und so halt\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKU\S-1-5-21-220523388-1770027372-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-220523388-1770027372-725345543-1004..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015448937 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.2 10.0.1.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D84F6D-B048-450D-84AB-A0AD6B8B70A4}: DhcpNameServer = 10.0.1.2 10.0.1.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Und so halt\My Documents\My Pictures\winter-by-space.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Und so halt\My Documents\My Pictures\winter-by-space.bmp

O32 - Unable to read "AutoRun" value or value not present!

O32 - AutoRun File - [2010.04.11 14:32:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Documents and Settings\Und so halt\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found

MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)

MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.14 21:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.02.12 18:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DOSBox

[2012.02.02 16:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SFT_de3

[2012.01.31 21:42:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Und so halt\Recent

[2012.01.28 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Start Menu\Programs\Westwood

[2012.01.28 18:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Westwood

[2012.01.28 17:56:00 | 000,000,000 | ---D | C] -- C:\Westwood

[2012.01.25 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012.01.25 22:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\SFT_de3

[2012.01.25 22:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\ConduitEngine

[2012.01.25 22:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2012.01.25 22:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Conduit

[2012.01.25 22:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Temp

[2012.01.25 22:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3

[2012.01.25 22:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Simple Webcam Capture

[2012.01.25 22:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Start Menu\Programs\Simple Webcam Capture

[2012.01.25 15:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\Fonts

[2012.01.25 15:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\My Documents\New Folder (5)

[2012.01.24 21:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\Eternal Legends

[2012.01.22 12:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\My Documents\ICQ

[2012.01.22 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\LogMeIn Hamachi

[2012.01.22 01:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Desktop\I wanna be the fangame

[2012.01.21 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Clonk Rage

[2012.01.21 21:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ICQ7.7

[2012.01.21 21:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Application Data\ICQ

[2012.01.21 21:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7

[2012.01.21 20:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\Akamai

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.15 12:18:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.02.15 12:17:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.02.14 23:03:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-725345543-1003UA.job

[2012.02.14 18:03:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-725345543-1003Core.job

[2012.02.12 14:31:39 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.09 16:39:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.02.04 14:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2012.02.02 12:06:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.01.28 19:10:32 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Yuris Rache.lnk

[2012.01.28 18:01:42 | 000,001,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Alarmstufe Rot 2.lnk

[2012.01.25 22:09:46 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Simple Webcam Capture.lnk

[2012.01.25 22:09:44 | 003,283,968 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\CT3031778_SFT_de3.exe

[2012.01.25 22:09:35 | 000,173,546 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\simplecapture-setup.exe

[2012.01.25 15:13:15 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.01.24 21:11:32 | 000,019,899 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Der Erste Auftrag ende + epilog.rtf

[2012.01.24 21:08:40 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\New Rich Text Document (2).rtf

[2012.01.22 03:05:12 | 000,093,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.01.22 03:05:12 | 000,060,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.01.22 01:39:17 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\temp

[2012.01.22 01:39:17 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\save0

[2012.01.21 22:44:02 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Und so halt\Desktop\Clonk Rage.lnk

[2012.01.21 21:52:53 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk

[2012.01.21 21:52:53 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.7.lnk

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.12 18:25:28 | 000,022,001 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\daggerfall_legal_and_installation.pdf

[2012.01.28 19:10:32 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Yuris Rache.lnk

[2012.01.28 18:01:42 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Alarmstufe Rot 2.lnk

[2012.01.25 22:09:46 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Simple Webcam Capture.lnk

[2012.01.25 22:09:34 | 003,283,968 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\CT3031778_SFT_de3.exe

[2012.01.25 22:09:34 | 000,173,546 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\simplecapture-setup.exe

[2012.01.24 21:11:32 | 000,019,899 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Der Erste Auftrag ende + epilog.rtf

[2012.01.24 21:08:40 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\New Rich Text Document (2).rtf

[2012.01.22 01:37:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\temp

[2012.01.22 01:37:19 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\save0

[2012.01.21 22:44:02 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Und so halt\Desktop\Clonk Rage.lnk

[2012.01.21 21:52:53 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk

[2012.01.21 21:52:53 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.7.lnk

[2011.10.23 10:11:32 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Und so halt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.16 14:45:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2011.09.28 19:57:47 | 000,069,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.08.26 23:22:30 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2011.04.26 09:24:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2011.04.15 20:12:29 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll

[2011.04.15 20:12:27 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll

[2011.04.07 10:29:26 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\room.dat

[2010.11.29 16:40:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.11.29 07:34:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwpGerman.INI

[2010.10.31 14:27:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010.10.30 16:16:15 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

[2010.10.19 14:38:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI

[2010.10.11 17:54:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.10.11 12:41:37 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010.10.11 12:41:37 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010.09.22 14:29:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010.09.22 14:29:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010.09.22 14:29:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010.09.22 14:28:04 | 000,037,919 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat

[2010.09.19 00:34:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2010.09.18 17:25:25 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010.09.18 17:25:23 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010.09.18 17:25:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010.09.18 16:31:52 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Und so halt\Application Data\PnkBstrK.sys

[2010.08.09 11:00:35 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe

[2010.08.09 11:00:34 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll

[2010.08.09 11:00:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll

[2010.08.03 14:26:32 | 000,000,401 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010.07.18 16:10:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2010.07.12 21:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.05.31 17:01:45 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys

[2010.04.23 16:50:15 | 000,052,214 | ---- | C] () -- C:\WINDOWS\War3Unin.dat

[2010.04.13 15:25:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.04.11 16:21:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.04.11 16:16:39 | 000,113,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.04.11 15:35:12 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010.04.11 15:25:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2010.04.11 14:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.04.11 14:28:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007.05.09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2004.08.04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2002.08.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2002.08.29 13:00:00 | 000,093,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2002.08.29 13:00:00 | 000,060,948 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2002.08.29 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1997.06.14 09:56:08 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2011.08.19 21:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2010.10.13 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010.07.18 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite

[2010.07.18 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011.04.06 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011.09.14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2011.08.20 12:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2010.05.27 12:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.10.30 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010.10.16 17:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software

[2011.09.09 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera

[2011.09.14 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\.minecraft

[2011.04.24 15:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AllVideoDownloader

[2010.10.17 18:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AntMe

[2010.07.18 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Astroburn Lite

[2010.10.30 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Carambis

[2012.02.09 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Clonk Rage

[2010.07.18 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DAEMON Tools Lite

[2010.05.29 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\FOG Downloader

[2010.10.16 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Foxit Software

[2011.09.07 12:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GetRightToGo

[2010.06.04 12:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GrabPro

[2011.10.12 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\gtk-2.0

[2010.12.22 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\HLSW

[2012.02.13 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ICQ

[2010.09.13 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\JonDo

[2010.07.17 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\LolClient

[2011.01.19 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mumble

[2010.06.15 14:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Opera

[2010.12.05 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Orbit

[2011.10.17 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar

[2010.10.18 19:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ScreenSeven

[2010.11.17 21:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony

[2010.11.17 21:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup

[2010.11.07 16:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Stella

[2011.10.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Tomb Raider Level Player

[2011.09.06 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\TS3Client

[2012.02.12 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\uTorrent

[2012.02.04 14:02:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

[2010.10.13 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010.04.14 19:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010.11.17 21:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010.07.18 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite

[2010.11.28 20:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

[2010.07.18 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011.01.03 11:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX

[2011.04.06 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2010.10.30 16:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2011.09.14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2010.10.30 13:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010.11.29 17:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010.12.09 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010.10.31 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2010.12.05 12:30:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010.04.11 15:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010.04.11 18:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2011.08.20 12:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2010.11.20 12:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010.11.17 21:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2010.05.03 16:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010.05.27 12:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010.10.31 16:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia

[2010.04.11 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010.10.30 16:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2010.09.17 21:20:09 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

 
 < %APPDATA%\*. >

[2011.09.14 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\.minecraft

[2010.07.17 18:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Adobe

[2011.04.24 15:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AllVideoDownloader

[2010.10.17 18:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\AntMe

[2010.07.18 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Astroburn Lite

[2010.10.30 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Carambis

[2012.02.09 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Clonk Rage

[2010.07.18 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DAEMON Tools Lite

[2011.01.02 13:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\DivX

[2010.05.29 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\FOG Downloader

[2010.10.16 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Foxit Software

[2011.09.07 12:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GetRightToGo

[2010.06.04 12:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\GrabPro

[2011.10.12 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\gtk-2.0

[2010.11.11 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Help

[2010.12.22 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\HLSW

[2010.10.30 16:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\hpqLog

[2012.02.13 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ICQ

[2010.09.13 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\JonDo

[2010.07.17 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\LolClient

[2010.05.27 17:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Macromedia

[2010.11.29 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Malwarebytes

[2011.04.26 09:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Microsoft

[2011.10.19 18:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mozilla

[2011.01.19 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Mumble

[2010.06.15 14:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Opera

[2010.12.05 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Orbit

[2011.10.17 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar

[2010.10.18 19:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\ScreenSeven

[2010.09.18 17:01:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Und so halt\Application Data\SecuROM

[2011.10.23 00:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Skype

[2011.10.22 23:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\skypePM

[2010.11.17 21:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony

[2010.11.17 21:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup

[2010.11.07 16:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Stella

[2010.05.31 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Sun

[2012.01.21 21:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\teamspeak2

[2011.10.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Tomb Raider Level Player

[2011.04.30 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\tor

[2011.09.06 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\TS3Client

[2012.02.12 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\uTorrent

[2010.05.29 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\WinRAR

[2011.09.28 19:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Und so halt\Application Data\Xfire

 
 < %APPDATA%\*.exe /s >

[2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft Beta.exe

[2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft Updater.exe

[2010.09.25 10:15:25 | 000,232,159 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft.exe

[2011.09.05 16:43:15 | 000,683,836 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\.minecraft\Minecraft_Server.exe

[2010.11.17 21:46:26 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

[2010.11.07 15:31:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

[2010.11.07 15:31:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

[2010.11.07 15:31:28 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

[2011.10.01 22:46:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Und so halt\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2011.10.04 13:38:51 | 000,704,248 | ---- | M] () -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar\unins000.exe

[2010.03.31 11:17:06 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Documents and Settings\Und so halt\Application Data\QuickStoresToolbar\Update.exe

[2010.11.17 21:43:55 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup\A189E68E-2253-4c3b-86B7-D77E36F13C55\QuickTimeInstaller.exe

[2010.11.17 21:40:07 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Und so halt\Application Data\Sony Setup\A34E95A5-C379-4746-B607-09AE7B36A102\WMFDist11-WindowsXP-x86-ENU.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2005.09.16 20:04:38 | 024,850,432 | ---- | M] (Lionhead) -- C:\Fable.exe

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010.10.12 14:50:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009.02.06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

[2004.08.03 23:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2004.08.03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: VIASRAID.SYS  >

[2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\OemDir\viasraid.sys

[2003.11.01 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.03.29 16:04:42 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2010.04.11 16:15:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2010.04.11 16:15:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2010.04.11 16:15:31 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3031778

IE - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

[2010.08.21 11:04:40 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O3 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.

C:\Program Files\SFT_de3\prxtbSFT0.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5\ deleted successfully.

c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully.

C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.

File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.

File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.

Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.

Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.

File C:\Program Files\SFT_de3\prxtbSFT0.dll not found.

File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.

File c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-220523388-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

ADS C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7A852BE deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 1290218 bytes

->Temporary Internet Files folder emptied: 743195 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Its Me

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 109352 bytes

->Opera cache emptied: 374670 bytes

 

User: NetworkService

->Temp folder emptied: 221642 bytes

->Temporary Internet Files folder emptied: 3335980 bytes

 

User: Und so halt

->Temp folder emptied: 19745575 bytes

->Temporary Internet Files folder emptied: 3155843 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 242174204 bytes

->Flash cache emptied: 3066 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2832913 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 36695 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188220072 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 443,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_132013
 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

13:59:05.0187 3516        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

13:59:05.0328 3516        ============================================================

13:59:05.0328 3516        Current date / time: 2012/02/15 13:59:05.0328

13:59:05.0328 3516        SystemInfo:

13:59:05.0328 3516        

13:59:05.0328 3516        OS Version: 5.1.2600 ServicePack: 3.0

13:59:05.0328 3516        Product type: Workstation

13:59:05.0328 3516        ComputerName: CYBERTRON

13:59:05.0328 3516        UserName: Und so halt

13:59:05.0328 3516        Windows directory: C:\WINDOWS

13:59:05.0328 3516        System windows directory: C:\WINDOWS

13:59:05.0328 3516        Processor architecture: Intel x86

13:59:05.0328 3516        Number of processors: 1

13:59:05.0328 3516        Page size: 0x1000

13:59:05.0328 3516        Boot type: Normal boot

13:59:05.0328 3516        ============================================================

13:59:06.0921 3516        Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

13:59:06.0921 3516        \Device\Harddisk0\DR0:

13:59:06.0921 3516        MBR used

13:59:06.0921 3516        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F

13:59:07.0015 3516        Initialize success

13:59:07.0015 3516        ============================================================

13:59:25.0718 3628        ============================================================

13:59:25.0718 3628        Scan started

13:59:25.0718 3628        Mode: Manual; SigCheck; TDLFS; 

13:59:25.0718 3628        ============================================================

13:59:26.0062 3628        Abiosdsk - ok

13:59:26.0125 3628        abp480n5 - ok

13:59:26.0234 3628        ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:59:27.0718 3628        ACPI - ok

13:59:27.0843 3628        ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:59:28.0250 3628        ACPIEC - ok

13:59:28.0312 3628        adpu160m - ok

13:59:28.0453 3628        aeaudio         (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\aeaudio.sys

13:59:28.0484 3628        aeaudio ( UnsignedFile.Multi.Generic ) - warning

13:59:28.0484 3628        aeaudio - detected UnsignedFile.Multi.Generic (1)

13:59:28.0625 3628        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:59:28.0984 3628        aec - ok

13:59:29.0109 3628        AFD             (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

13:59:29.0203 3628        AFD - ok

13:59:29.0312 3628        Aha154x - ok

13:59:29.0406 3628        aic78u2 - ok

13:59:29.0484 3628        aic78xx - ok

13:59:29.0625 3628        AliIde - ok

13:59:29.0796 3628        AmdK7           (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

13:59:30.0296 3628        AmdK7 - ok

13:59:30.0390 3628        amsint - ok

13:59:30.0546 3628        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:59:30.0875 3628        Arp1394 - ok

13:59:30.0953 3628        asc - ok

13:59:31.0031 3628        asc3350p - ok

13:59:31.0078 3628        asc3550 - ok

13:59:31.0281 3628        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:59:31.0593 3628        AsyncMac - ok

13:59:31.0765 3628        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:59:32.0109 3628        atapi - ok

13:59:32.0203 3628        Atdisk - ok

13:59:32.0343 3628        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys

13:59:32.0406 3628        atksgt ( UnsignedFile.Multi.Generic ) - warning

13:59:32.0406 3628        atksgt - detected UnsignedFile.Multi.Generic (1)

13:59:32.0562 3628        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:59:32.0875 3628        Atmarpc - ok

13:59:33.0031 3628        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:59:33.0421 3628        audstub - ok

13:59:33.0578 3628        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:59:34.0078 3628        Beep - ok

13:59:34.0250 3628        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:59:34.0718 3628        cbidf2k - ok

13:59:34.0859 3628        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:59:35.0171 3628        CCDECODE - ok

13:59:35.0281 3628        cd20xrnt - ok

13:59:35.0406 3628        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:59:35.0843 3628        Cdaudio - ok

13:59:35.0984 3628        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:59:36.0312 3628        Cdfs - ok

13:59:36.0453 3628        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:59:36.0781 3628        Cdrom - ok

13:59:36.0875 3628        Changer - ok

13:59:37.0046 3628        CmdIde - ok

13:59:37.0187 3628        Cpqarray - ok

13:59:37.0296 3628        dac2w2k - ok

13:59:37.0390 3628        dac960nt - ok

13:59:37.0546 3628        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:59:37.0890 3628        Disk - ok

13:59:38.0046 3628        dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:59:38.0484 3628        dmboot - ok

13:59:38.0609 3628        dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:59:38.0984 3628        dmio - ok

13:59:39.0093 3628        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:59:39.0546 3628        dmload - ok

13:59:39.0687 3628        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:59:39.0984 3628        DMusic - ok

13:59:40.0125 3628        dpti2o - ok

13:59:40.0218 3628        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:59:40.0593 3628        drmkaud - ok

13:59:40.0687 3628        EagleNT - ok

13:59:40.0828 3628        ElRawDisk       (b8eac99b14772bdc36ca963aed109fa2) C:\WINDOWS\system32\drivers\dddsk.sys

13:59:40.0937 3628        ElRawDisk - ok

13:59:41.0109 3628        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:59:41.0468 3628        Fastfat - ok

13:59:41.0640 3628        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:59:41.0968 3628        Fdc - ok

13:59:42.0093 3628        Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:59:42.0406 3628        Fips - ok

13:59:42.0515 3628        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:59:42.0859 3628        Flpydisk - ok

13:59:43.0015 3628        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:59:43.0343 3628        FltMgr - ok

13:59:43.0468 3628        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:59:43.0843 3628        Fs_Rec - ok

13:59:43.0968 3628        Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:59:44.0437 3628        Ftdisk - ok

13:59:44.0562 3628        GarenaPEngine - ok

13:59:44.0640 3628        GGSAFERDriver - ok

13:59:44.0781 3628        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:59:45.0062 3628        Gpc - ok

13:59:45.0171 3628        hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

13:59:45.0203 3628        hamachi - ok

13:59:45.0343 3628        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:59:45.0687 3628        hidusb - ok

13:59:45.0765 3628        hpn - ok

13:59:45.0890 3628        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:59:45.0984 3628        HTTP - ok

13:59:46.0093 3628        i2omgmt - ok

13:59:46.0171 3628        i2omp - ok

13:59:46.0281 3628        i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

13:59:46.0625 3628        i8042prt - ok

13:59:46.0796 3628        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:59:47.0093 3628        Imapi - ok

13:59:47.0234 3628        ini910u - ok

13:59:47.0375 3628        IntelIde - ok

13:59:47.0500 3628        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:59:47.0796 3628        Ip6Fw - ok

13:59:47.0906 3628        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:59:48.0328 3628        IpFilterDriver - ok

13:59:48.0468 3628        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:59:48.0765 3628        IpInIp - ok

13:59:48.0890 3628        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:59:49.0171 3628        IpNat - ok

13:59:49.0359 3628        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:59:49.0671 3628        IPSec - ok

13:59:49.0781 3628        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:59:50.0109 3628        IRENUM - ok

13:59:50.0234 3628        isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:59:50.0531 3628        isapnp - ok

13:59:50.0687 3628        ISODrive        (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys

13:59:50.0718 3628        ISODrive - ok

13:59:50.0906 3628        Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:59:51.0203 3628        Kbdclass - ok

13:59:51.0328 3628        kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:59:51.0625 3628        kbdhid - ok

13:59:51.0750 3628        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:59:52.0062 3628        kmixer - ok

13:59:52.0156 3628        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:59:52.0281 3628        KSecDD - ok

13:59:52.0421 3628        lbrtfdc - ok

13:59:52.0562 3628        libusb0         (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys

13:59:52.0593 3628        libusb0 ( UnsignedFile.Multi.Generic ) - warning

13:59:52.0593 3628        libusb0 - detected UnsignedFile.Multi.Generic (1)

13:59:52.0750 3628        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

13:59:52.0765 3628        lirsgt ( UnsignedFile.Multi.Generic ) - warning

13:59:52.0765 3628        lirsgt - detected UnsignedFile.Multi.Generic (1)

13:59:52.0906 3628        LVUSBSta        (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\drivers\LVUSBSta.sys

13:59:52.0921 3628        LVUSBSta - ok

13:59:53.0093 3628        MidiSyn         (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys

13:59:53.0156 3628        MidiSyn - ok

13:59:53.0265 3628        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:59:53.0687 3628        mnmdd - ok

13:59:53.0781 3628        Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:59:54.0078 3628        Modem - ok

13:59:54.0218 3628        Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:59:54.0546 3628        Mouclass - ok

13:59:54.0656 3628        mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:59:55.0078 3628        mouhid - ok

13:59:55.0187 3628        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:59:55.0484 3628        MountMgr - ok

13:59:55.0593 3628        mraid35x - ok

13:59:55.0703 3628        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:59:56.0031 3628        MRxDAV - ok

13:59:56.0171 3628        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:59:56.0296 3628        MRxSmb - ok

13:59:56.0468 3628        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:59:56.0781 3628        Msfs - ok

13:59:56.0890 3628        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:59:57.0187 3628        MSKSSRV - ok

13:59:57.0281 3628        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:59:57.0578 3628        MSPCLOCK - ok

13:59:57.0703 3628        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:59:58.0000 3628        MSPQM - ok

13:59:58.0140 3628        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:59:58.0421 3628        mssmbios - ok

13:59:58.0531 3628        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:59:58.0828 3628        MSTEE - ok

13:59:58.0937 3628        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:59:59.0031 3628        Mup - ok

13:59:59.0171 3628        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:59:59.0468 3628        NABTSFEC - ok

13:59:59.0625 3628        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:59:59.0953 3628        NDIS - ok

14:00:00.0093 3628        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

14:00:00.0406 3628        NdisIP - ok

14:00:00.0562 3628        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:00:00.0609 3628        NdisTapi - ok

14:00:00.0765 3628        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:00:01.0046 3628        Ndisuio - ok

14:00:01.0171 3628        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:00:01.0453 3628        NdisWan - ok

14:00:01.0609 3628        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:00:01.0656 3628        NDProxy - ok

14:00:01.0781 3628        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:00:02.0125 3628        NetBIOS - ok

14:00:02.0265 3628        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:00:02.0562 3628        NetBT - ok

14:00:02.0765 3628        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:00:03.0062 3628        NIC1394 - ok

14:00:03.0218 3628        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

14:00:03.0531 3628        nm - ok

14:00:03.0640 3628        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:00:03.0937 3628        Npfs - ok

14:00:04.0109 3628        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:00:04.0468 3628        Ntfs - ok

14:00:04.0640 3628        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:00:05.0078 3628        Null - ok

14:00:05.0687 3628        nv              (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:00:06.0625 3628        nv - ok

14:00:06.0796 3628        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:00:07.0234 3628        NwlnkFlt - ok

14:00:07.0390 3628        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:00:07.0859 3628        NwlnkFwd - ok

14:00:07.0968 3628        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:00:08.0250 3628        ohci1394 - ok

14:00:08.0359 3628        Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:00:08.0656 3628        Parport - ok

14:00:08.0765 3628        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:00:09.0046 3628        PartMgr - ok

14:00:09.0187 3628        ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:00:09.0640 3628        ParVdm - ok

14:00:09.0781 3628        PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS

14:00:09.0890 3628        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

14:00:09.0890 3628        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

14:00:09.0984 3628        PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:00:10.0265 3628        PCI - ok

14:00:10.0390 3628        PCIDump - ok

14:00:10.0484 3628        PCIIde - ok

14:00:10.0609 3628        Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:00:10.0890 3628        Pcmcia - ok

14:00:10.0984 3628        PDCOMP - ok

14:00:11.0062 3628        PDFRAME - ok

14:00:11.0156 3628        PDRELI - ok

14:00:11.0250 3628        PDRFRAME - ok

14:00:11.0328 3628        perc2 - ok

14:00:11.0421 3628        perc2hib - ok

14:00:11.0671 3628        PID_PEPI        (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

14:00:11.0843 3628        PID_PEPI - ok

14:00:12.0000 3628        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:00:12.0296 3628        PptpMiniport - ok

14:00:12.0406 3628        PRISM_A02 - ok

14:00:12.0593 3628        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:00:12.0875 3628        PSched - ok

14:00:12.0984 3628        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:00:13.0421 3628        Ptilink - ok

14:00:13.0515 3628        ql1080 - ok

14:00:13.0578 3628        Ql10wnt - ok

14:00:13.0687 3628        ql12160 - ok

14:00:13.0765 3628        ql1240 - ok

14:00:13.0843 3628        ql1280 - ok

14:00:13.0968 3628        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:00:14.0406 3628        RasAcd - ok

14:00:14.0531 3628        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:00:14.0828 3628        Rasl2tp - ok

14:00:14.0953 3628        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:00:15.0234 3628        RasPppoe - ok

14:00:15.0390 3628        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:00:15.0859 3628        Raspti - ok

14:00:15.0953 3628        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:00:16.0234 3628        Rdbss - ok

14:00:16.0343 3628        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:00:16.0812 3628        RDPCDD - ok

14:00:16.0953 3628        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:00:17.0234 3628        rdpdr - ok

14:00:17.0390 3628        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

14:00:17.0468 3628        RDPWD - ok

14:00:17.0625 3628        redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:00:17.0921 3628        redbook - ok

14:00:18.0140 3628        RT2400          (cea718c12a5e2ff91eaf8e07977c2634) C:\WINDOWS\system32\DRIVERS\RT2400.sys

14:00:18.0203 3628        RT2400 - ok

14:00:18.0484 3628        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:00:18.0781 3628        Secdrv - ok

14:00:18.0953 3628        senfilt         (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

14:00:19.0031 3628        senfilt ( UnsignedFile.Multi.Generic ) - warning

14:00:19.0031 3628        senfilt - detected UnsignedFile.Multi.Generic (1)

14:00:19.0187 3628        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:00:19.0468 3628        serenum - ok

14:00:19.0593 3628        Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:00:19.0875 3628        Serial - ok

14:00:20.0046 3628        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:00:20.0328 3628        Sfloppy - ok

14:00:20.0453 3628        Simbad - ok

14:00:20.0546 3628        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

14:00:20.0828 3628        SLIP - ok

14:00:21.0000 3628        smwdm           (33147559d1e3c25f545a5a4fa372d005) C:\WINDOWS\system32\drivers\smwdm.sys

14:00:21.0046 3628        smwdm ( UnsignedFile.Multi.Generic ) - warning

14:00:21.0046 3628        smwdm - detected UnsignedFile.Multi.Generic (1)

14:00:21.0125 3628        Sparrow - ok

14:00:21.0234 3628        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:00:21.0515 3628        splitter - ok

14:00:21.0671 3628        sptd            (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys

14:00:21.0671 3628        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a

14:00:21.0687 3628        sptd ( LockedFile.Multi.Generic ) - warning

14:00:21.0687 3628        sptd - detected LockedFile.Multi.Generic (1)

14:00:21.0828 3628        sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:00:22.0109 3628        sr - ok

14:00:22.0265 3628        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:00:22.0375 3628        Srv - ok

14:00:22.0562 3628        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

14:00:22.0843 3628        streamip - ok

14:00:22.0968 3628        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:00:23.0250 3628        swenum - ok

14:00:23.0390 3628        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:00:23.0671 3628        swmidi - ok

14:00:23.0843 3628        symc810 - ok

14:00:23.0921 3628        symc8xx - ok

14:00:24.0015 3628        sym_hi - ok

14:00:24.0109 3628        sym_u3 - ok

14:00:24.0234 3628        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:00:24.0531 3628        sysaudio - ok

14:00:24.0687 3628        tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys

14:00:24.0718 3628        tap0901 ( UnsignedFile.Multi.Generic ) - warning

14:00:24.0718 3628        tap0901 - detected UnsignedFile.Multi.Generic (1)

14:00:24.0875 3628        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:00:25.0062 3628        Tcpip - ok

14:00:25.0187 3628        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:00:25.0468 3628        TDPIPE - ok

14:00:25.0625 3628        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:00:25.0921 3628        TDTCP - ok

14:00:26.0062 3628        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:00:26.0328 3628        TermDD - ok

14:00:26.0468 3628        TosIde - ok

14:00:26.0640 3628        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

14:00:26.0953 3628        uagp35 - ok

14:00:27.0093 3628        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:00:27.0359 3628        Udfs - ok

14:00:27.0484 3628        ultra - ok

14:00:27.0625 3628        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:00:27.0937 3628        Update - ok

14:00:28.0093 3628        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:00:28.0375 3628        usbaudio - ok

14:00:28.0484 3628        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:00:28.0750 3628        usbccgp - ok

14:00:28.0890 3628        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:00:29.0187 3628        usbehci - ok

14:00:29.0343 3628        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:00:29.0656 3628        usbhub - ok

14:00:29.0765 3628        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:00:30.0046 3628        usbprint - ok

14:00:30.0156 3628        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:00:30.0437 3628        USBSTOR - ok

14:00:30.0546 3628        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:00:30.0812 3628        usbuhci - ok

14:00:30.0968 3628        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:00:31.0234 3628        VgaSave - ok

14:00:31.0343 3628        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:00:31.0625 3628        ViaIde - ok

14:00:31.0765 3628        viasraid        (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys

14:00:31.0812 3628        viasraid - ok

14:00:31.0968 3628        vmm             (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys

14:00:32.0015 3628        vmm - ok

14:00:32.0140 3628        VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:00:32.0437 3628        VolSnap - ok

14:00:32.0562 3628        VPCNetS2        (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

14:00:32.0578 3628        VPCNetS2 - ok

14:00:32.0781 3628        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:00:33.0078 3628        Wanarp - ok

14:00:33.0171 3628        WDICA - ok

14:00:33.0312 3628        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:00:33.0625 3628        wdmaud - ok

14:00:34.0031 3628        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:00:34.0296 3628        WSTCODEC - ok

14:00:34.0437 3628        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:00:34.0500 3628        WudfPf - ok

14:00:34.0671 3628        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:00:34.0718 3628        WudfRd - ok

14:00:34.0843 3628        XDva359 - ok

14:00:34.0937 3628        XDva362 - ok

14:00:35.0078 3628        yukonwxp        (dee4899b4ac10a673b2df0cdd135167e) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys

14:00:35.0140 3628        yukonwxp - ok

14:00:35.0296 3628        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:00:35.0546 3628        \Device\Harddisk0\DR0 - ok

14:00:35.0593 3628        Boot (0x1200)   (38766ba3e7156fa2da96a98438edf300) \Device\Harddisk0\DR0\Partition0

14:00:35.0593 3628        \Device\Harddisk0\DR0\Partition0 - ok

14:00:35.0593 3628        ============================================================

14:00:35.0593 3628        Scan finished

14:00:35.0593 3628        ============================================================

14:00:35.0828 3608        Detected object count: 9

14:00:35.0828 3608        Actual detected object count: 9

14:00:54.0656 3608        aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        senfilt ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        smwdm ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0656 3608        sptd ( LockedFile.Multi.Generic ) - skipped by user

14:00:54.0656 3608        sptd ( LockedFile.Multi.Generic ) - User select action: Skip 

14:00:54.0687 3608        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user

14:00:54.0687 3608        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Sind die dateien alle schlimm? oder nur verdächtig?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-02-15.01 - Und so halt 15.02.2012  17:55:04.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.1023.533 [GMT 1:00]

ausgeführt von:: c:\documents and settings\Und so halt\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Und so halt\WINDOWS

c:\windows\desktop

c:\windows\desktop\TS GDI Theme Pack Readme.txt

c:\windows\IsUn0407.exe

c:\windows\system32\_000125_.tmp.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-15 bis 2012-02-15  ))))))))))))))))))))))))))))))

.

.

2012-02-15 12:20 . 2012-02-15 12:20        --------        d-----w-        C:\_OTL

2012-02-14 20:06 . 2012-02-14 20:06        --------        d-----w-        c:\program files\ESET

2012-02-12 17:27 . 2012-02-12 17:27        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\DOSBox

2012-02-11 17:41 . 2012-02-11 17:41        --------        d-----w-        c:\documents and settings\Guest

2012-02-02 15:39 . 2012-02-02 15:39        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\SFT_de3

2012-01-28 16:56 . 2012-01-28 16:56        --------        d-----w-        C:\Westwood

2012-01-25 21:10 . 2012-01-25 21:10        --------        d-----w-        c:\program files\Conduit

2012-01-25 21:10 . 2012-01-25 21:10        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\SFT_de3

2012-01-25 21:09 . 2012-01-25 21:09        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\Conduit

2012-01-25 21:09 . 2012-01-25 21:09        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\Temp

2012-01-25 21:09 . 2012-02-15 12:20        --------        d-----w-        c:\program files\SFT_de3

2012-01-25 21:09 . 2012-01-25 21:09        --------        d-----w-        c:\program files\Simple Webcam Capture

2012-01-22 08:15 . 2012-02-10 13:07        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\LogMeIn Hamachi

2012-01-21 21:43 . 2012-02-15 16:43        --------        d-----w-        c:\program files\Clonk Rage

2012-01-21 20:44 . 2012-02-15 16:17        --------        d-----w-        c:\documents and settings\Und so halt\Application Data\ICQ

2012-01-21 20:43 . 2012-01-21 20:53        --------        d-----w-        c:\program files\ICQ7.7

2012-01-21 19:21 . 2012-01-21 19:23        --------        d-----w-        c:\documents and settings\Und so halt\Local Settings\Application Data\Akamai

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2004-08-03 22:56        293376        ----a-w-        c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-03 21:17        1859584        ----a-w-        c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-03 22:56        60416        ----a-w-        c:\windows\system32\packager.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-21 127040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2011-12-12 22:20        3305760        ----a-w-        c:\documents and settings\Und so halt\Local Settings\Application Data\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2005-08-25 10:17        860160        ------w-        c:\program files\Analog Devices\SoundMAX\SMax4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 07:11        1388544        ------w-        c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 12:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\Clonk Rage\\Clonk.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\Documents and Settings\\Und so halt\\Desktop\\Sirius MT2\\metin2client_Sirius_MT2.bin"=

"c:\\Documents and Settings\\Und so halt\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\ICQ7.7\\ICQ.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"1544:TCP"= 1544:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.07.2010 15:11 436792]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11.04.2010 15:34 77312]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [27.05.2010 09:07 22312]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03.08.2004 23:56 14336]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [31.05.2010 17:01 33792]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp --> c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [12.10.2010 13:57 51584]

S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 26634053

*Deregistered* - 26634053

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe

TCP: DhcpNameServer = 10.0.1.2 10.0.1.2

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

AddRemove-LEGO LOCO - c:\windows\IsUn0407.exe

AddRemove-Tomb Raider Level Editor - c:\windows\IsUn0407.exe

AddRemove-{831D4B74-7A92-4363-869D-524876C480B1}_is1 - g:\huan folder\Sirius MT2\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-15 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Zeit der Fertigstellung: 2012-02-15  18:04:48

ComboFix-quarantined-files.txt  2012-02-15 17:04

.

Vor Suchlauf: 10.777.485.312 bytes free

Nach Suchlauf: 10.715.766.784 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7088141D71825C0270481B9F375C35BD

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-15 21:52:26

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target2Lun0 ST340014 rev.8.05

Running: nhmqhnic.exe; Driver: C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\kgryipow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT      sptd.sys                                                                                                            ZwCreateKey [0xF742AA50]

SSDT      sptd.sys                                                                                                            ZwEnumerateKey [0xF745EFFE]

SSDT      sptd.sys                                                                                                            ZwEnumerateValueKey [0xF745F38C]

SSDT      sptd.sys                                                                                                            ZwOpenKey [0xF742AA30]

SSDT      sptd.sys                                                                                                            ZwQueryKey [0xF745F464]

SSDT      sptd.sys                                                                                                            ZwQueryValueKey [0xF745F2E4]

SSDT      sptd.sys                                                                                                            ZwSetValueKey [0xF745F4F6]
 

INT 0x62  ?                                                                                                                   873D9CC8

INT 0x73  ?                                                                                                                   873DDCC8

INT 0x82  ?                                                                                                                   873D9CC8

INT 0xB4  ?                                                                                                                   86F9FCC8

INT 0xB4  ?                                                                                                                   86F9FCC8

INT 0xB4  ?                                                                                                                   86F9FCC8

INT 0xB4  ?                                                                                                                   86F9FCC8

INT 0xB4  ?                                                                                                                   86F9FCC8

INT 0xB4  ?                                                                                                                   86F9FCC8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text     sptd.sys                                                                                                            F73F0000 32 Bytes  [5E, 67, 6F, 80, 20, 17, 6F, ...]

.text     sptd.sys                                                                                                            F73F0024 4 Bytes  [74, 2F, 3E, F7]

.text     sptd.sys                                                                                                            F73F002C 424 Bytes  [F2, BF, 57, 80, 66, E1, 59, ...]

.text     sptd.sys                                                                                                            F73F01E4 4 Bytes  [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}

.text     sptd.sys                                                                                                            F73F01EC 1 Byte  [02]

.text     ...                                                                                                                 

.sptd2    C:\WINDOWS\system32\drivers\sptd.sys                                                                                entry point in ".sptd2" section [0xF74E7D38]

?         C:\WINDOWS\system32\drivers\sptd.sys                                                                                The process cannot access the file because it is being used by another process.

.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xF64143A0, 0x59FFE5, 0xE8000020]

.text     USBPORT.SYS!DllUnload                                                                                               F63AD8AC 5 Bytes  JMP 86F9F1D8 

init      C:\WINDOWS\system32\drivers\senfilt.sys                                                                             entry point in "init" section [0xF629BF80]

.text     C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB8387300, 0x3ACC8, 0xE8000020]

.text     C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xF7883300, 0x1B7E, 0xE8000020]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT       \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  873DD308

IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                     [F73F1574] sptd.sys

IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                      [F73F10C0] sptd.sys

IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                     [F73F1FE0] sptd.sys

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F73F10C0] sptd.sys

IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F73F1362] sptd.sys

IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [F73F12A4] sptd.sys

IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [F73F21BC] sptd.sys

IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [F73F1FE0] sptd.sys

IAT       \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                86F9F308
 

---- Registry - GMER 1.0.15 ----
 

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xA6 0xC8 0x85 0xCA ...

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x49 0xE6 0xC3 0xD2 ...

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x2A 0xCF 0xCD 0xF2 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xDE 0x5E 0xC2 0xD3 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xE8 0x13 0xF3 0x3A ...

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x95 0xEE 0xE1 0xB0 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x41 0x88 0x25 0x14 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF0 0x3B 0xE8 0xF4 ...

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x57 0xF2 0x39 0x8B ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC3 0xE1 0x8D 0xD1 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xE8 0x13 0xF3 0x3A ...

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x95 0xEE 0xE1 0xB0 ...

Reg       HKLM\SYSTEM\ControlSet004\Services\Update@ImagePath                                                                 system32\DRIVERS\update.sys?????hid_device_system_game?%\s??? <??_???s?????xe:??HID-compliant game controller?????.??_?????????n?????????????? ??_????1??????_?_??????8??_???D?????E?E??? ??????????????p????????_?????????n????wave????????????????USB Human Interface Device??????? ???????)???????????_???????? ?<?&?????:E??? ???^??????????????? ???????g??????te???????-???f??????? ???????????m???????A??? ???-???e?????ndM??? ???^???e??????ni????.??_???e??????????hid_device_system_game?%\s???]?_?_?_?_?_?_?_?_??to start.????????????0??1????????f?????????n?????????????1???????0????X??_????????h?????? ???????????????????????????????????????f??%SystemRoot%\system32\svchost.exe -k netsvcs?n??system32\DRIVERS\usbuhci.sys????\??\C:\WINDOWS\system32\Drivers\vmm.sys??k??? 6??_???f???????????????????????????.??TCP/IP Protocol Driver??????i8042prt?????_??????????????Provides image acquisition services for scanners and cameras.???system32\DRIVERS\termdd.sys?\termdd.sys???????p??_?????????e????Video Save??????? ???_?????????????

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF9 0x29 0xD4 0xFB ...

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x37 0xED 0x09 0x2D ...

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x95 0xEE 0xE1 0xB0 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xCC 0x55 0xDB 0x7D ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xBC 0xB8 0x4C 0xC6 ...

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xFF 0xB8 0x58 0x73 ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xCC 0x55 0xDB 0x7D ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xEA 0xCB 0x99 ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xBC 0xB8 0x4C 0xC6 ...

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg       HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xFF 0xB8 0x58 0x73 ...

Reg       HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\88\Shell@ScrollPos1152x864(1).y                                    0
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:59:03 on 15.02.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Google Inc. Google Chrome 14.0.835.163
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Pando" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.cpl  (File not found)

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

"SMAX4CP" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\SMax4.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"aeaudio" (aeaudio) - "Andrea Electronics Corporation" - C:\WINDOWS\System32\drivers\aeaudio.sys

"aqfjnmth" (aqfjnmth) - "VIA Technologies inc,.ltd" - C:\WINDOWS\system32\drivers\aqfjnmth.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"catchme" (catchme) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)

"ElRawDisk" (ElRawDisk) - "EldoS Corporation" - C:\WINDOWS\system32\drivers\dddsk.sys

"GarenaPEngine" (GarenaPEngine) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\YEXCA.tmp  (File not found)

"GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\safedrv.sys  (File not found)

"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys

"kgryipow" (kgryipow) - ? - C:\DOCUME~1\UNDSOH~1\LOCALS~1\Temp\kgryipow.sys  (Hidden registry entry, rootkit activity | File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"LibUsb-Win32 - Kernel Driver, Version 0.1.10.1" (libusb0) - ? - C:\WINDOWS\System32\drivers\libusb0.sys

"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"senfilt" (senfilt) - "Creative Technology Ltd." - C:\WINDOWS\System32\drivers\senfilt.sys

"Sinus 1054 data" (PRISM_A02) - ? - C:\WINDOWS\System32\DRIVERS\PRISMA02.sys  (File not found)

"smwdm" (smwdm) - "Analog Devices, Inc." - C:\WINDOWS\System32\drivers\smwdm.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys

"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\WINDOWS\system32\Drivers\vmm.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"XDva359" (XDva359) - ? - C:\WINDOWS\system32\XDva359.sys  (File not found)

"XDva362" (XDva362) - ? - C:\WINDOWS\system32\XDva362.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll

{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} "{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.7" - "ICQ, LLC." - C:\Program Files\ICQ7.7\ICQ.exe

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
 

[Logon]

-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

-----( %UserProfile%\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Documents and Settings\Und so halt\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"nwiz" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_7de0ed9.dll  (File found, but it contains no detailed information)

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe

"LibUsb-Win32 - Daemon, Version 0.1.10.1" (libusbd) - "hxxp://libusb-win32.sourceforge.net" - C:\WINDOWS\System32\libusbd-nt.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - ? - "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"  (File not found)

"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software

Run date: 2012-02-15 22:01:02

-----------------------------

22:01:02.328    OS Version: Windows 5.1.2600 Service Pack 3

22:01:02.328    Number of processors: 1 586 0xA00

22:01:02.328    ComputerName: CYBERTRON  UserName: 

22:01:03.062    Initialize success

22:02:31.265    AVAST engine defs: 12021501

22:02:37.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target2Lun0

22:02:37.875    Disk 0 Vendor: ST340014 8.05 Size: 38146MB BusType: 1

22:02:37.906    Device \Driver\viasraid -> DriverStartIo SCSIPORT.SYS f73da40e

22:02:37.906    Device \Driver\viasraid -> MajorFunction 873961f8

22:02:38.000    Disk 0 MBR read successfully

22:02:38.000    Disk 0 MBR scan

22:02:38.046    Disk 0 Windows XP default MBR code

22:02:38.109    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38138 MB offset 63

22:02:38.171    Disk 0 scanning sectors +78108030

22:02:38.421    Disk 0 scanning C:\WINDOWS\system32\drivers

22:03:09.078    Service scanning

22:03:09.750    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

22:03:10.343    Modules scanning

22:03:36.031    Disk 0 trace - called modules:

22:03:36.093    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873961f8]<<

22:03:36.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873479c0]

22:03:36.093    3 CLASSPNP.SYS[f7583fd7] -> nt!IofCallDriver -> \Device\Scsi\viasraid1Port2Path0Target2Lun0[0x87347030]

22:03:36.093    \Driver\viasraid[0x87356a60] -> IRP_MJ_CREATE -> 0x873961f8

22:03:36.484    AVAST engine scan C:\WINDOWS

22:03:53.718    AVAST engine scan C:\WINDOWS\system32

22:15:56.453    AVAST engine scan C:\WINDOWS\system32\drivers

22:18:02.406    AVAST engine scan C:\Documents and Settings\Und so halt

22:20:18.140    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Und so halt\Desktop\MBR.dat"

22:20:18.140    The log file has been saved successfully to "C:\Documents and Settings\Und so halt\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/16/2012 at 09:21 AM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8249

Trace Rules Database Version: 6061
 

Scan type       : Complete Scan

Total Scan Time : 01:11:19
 

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator
 

Memory items scanned      : 432

Memory threats detected   : 0

Registry items scanned    : 34159

Registry threats detected : 0

File items scanned        : 69433

File threats detected     : 133
 

PotentiallyUnwanted.Softonic

        C:\DOCUMENTS AND SETTINGS\UND SO HALT\MY DOCUMENTS\DOWNLOADS\SOFTONICDOWNLOADER_FUER_SIMPLE-WEBCAM-CAPTURE.EXE
 

Adware.Tracking Cookie

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .elitepartner.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adtech.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .atdmt.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .atdmt.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.google.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.google.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .apmebf.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ru4.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ru4.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        track.adform.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adxvalue.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .webmasterplan.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .webmasterplan.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .im.banner.t-online.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ad.adnet.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .freersaccounts.info [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        counters.gigya.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.freersaccounts.info [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .histats.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .histats.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zanox-affiliate.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .a.revenuemax.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .apmebf.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .fastclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .lego.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .meet-teens.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.counter.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        count.primawebtools.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adtech.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .revsci.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        track.adform.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adform.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tracking.quisma.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ads6.hermoment.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adbrite.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.soundmedia.ch [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .aim4media.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        m1.webstats.motigo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .statcounter.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad3.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zedo.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.faktmedia.de [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .zanox.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\UND SO HALT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.16.01
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Und so halt :: CYBERTRON [Administrator]
 

Schutz: Aktiviert
 

16.02.2012 12:13:00

mbam-log-2012-02-16 (12-13-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 263644

Laufzeit: 1 Stunde(n), 35 Minute(n), 58 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Ich weiß ja nicht ob die Cookies damit zu tun haben aber seit wir mit der bereinigung angefangen haben is mein internet sehr langsam geworden.