Log Analysis and Evaluation: Trojan "cleansweep.exe", computer keeps crashing
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.07.2010, 16:12 #16
Trojan "cleansweep.exe", computer keeps crashing: OTS scan logfile
Code:
OTS logfile created on: 02.07.2010 17:00:10 - Run 2
OTS by OldTimer - Version 3.1.31.2     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 691,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,53 Gb Total Space | 9,64 Gb Free Space | 32,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 203,35 Gb Total Space | 140,54 Gb Free Space | 69,11% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *******-D07002
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Dokumente und Einstellungen\****\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) winword.exe -> C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE -> [2007.01.23 16:03:52 | 012,263,776 | ---- | M] (Microsoft Corporation) [Modules - Safe List] ots.exe -> C:\Dokumente und Einstellungen\***Wo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools) msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.04.21 07:52:58 | 000,267,432 | ---- | M] (Avira GmbH) (AntiVirSchedulerService) Avira AntiVir Planer [Auto | Stopped] -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) (Hilti PROFIS AutoUpdate Service) Hilti PROFIS AutoUpdate Service [Disabled | Stopped] -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe -> [2009.04.24 22:34:46 | 000,176,640 | ---- | M] (Agito d.o.o.) (Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007.05.08 11:16:37 | 000,069,632 | ---- | M] (Adobe Systems) (CodeMeter.exe) CodeMeter Runtime Server [Auto | Stopped] -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG) (ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -> [2006.06.05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) 
(LPDSVC) TCP/IP-Druckserver [Auto | Stopped] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006.02.28 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) (ose) Office Source Engine [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -> [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) (MDM) Machine Debug Manager [Auto | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (avipbb) avipbb [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) (avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) (avgio) avgio [Kernel | System | Stopped] -> C:\Programme\Avira\AntiVir Desktop\avgio.sys -> [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) (ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) (AFD) AFD [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\afd.sys -> [2008.08.14 12:04:36 | 000,138,496 | ---- | M] () (HDAudBus) Microsoft UAA-Bustreiber für High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\WibuKey.sys -> [2007.11.02 16:18:11 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) (sptd) sptd [Kernel | Disabled | Stopped] -> 
C:\WINDOWS\System32\Drivers\sptd.sys -> [2007.10.29 13:06:17 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) (nmwcdsa) Samsung USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsa.sys -> [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) (nmwcdsacm) Samsung USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacm.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) (nmwcdsacj) Samsung USB Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacj.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) (nmwcdsac) Samsung USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsac.sys -> [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) (Hardlock) Hardlock [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\hardlock.sys -> [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) (aksusb) Aladdin USB Key [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\aksusb.sys -> [2006.11.22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) (akshasp) Aladdin HASP Key [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\akshasp.sys -> [2006.11.22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) (AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\atl01_2k.sys -> [2006.07.19 03:50:36 | 000,033,408 | R--- | M] (Attansic Technology corporation.) (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) 
(SenFiltService) SenFilt Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) (HPPLSBULK) HPPLSBULK [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hpplsbulk.sys -> [2005.02.02 17:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) (HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Hdaudio.sys -> [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) (MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () (rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2001.08.23 23:03:54 | 000,025,434 | R--- | M] (Realtek Semiconductor Corporation ) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Start Page" -> hxxp://www.google.de/ -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> < FireFox Settings [Prefs.js] > -> C:\Dokumente und Einstellungen\***Wo\Anwendungsdaten\Mozilla\FireFox\Profiles\vasjinxv.default\prefs.js -> browser.startup.homepage -> "hxxp://www.google.de/" -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components -> C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M] 
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins -> C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions -> [2008.09.05 13:57:04 | 000,000,000 | ---D | M] -> C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009.09.04 12:53:08 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008.09.05 13:57:24 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Programme\Mozilla Firefox\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M] < HOSTS File > ([2010.07.01 12:55:03 | 000,411,503 | R--- | M] - 14265 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> First 25 entries... 
Reset Hosts 127.0.0.1 localhost 196.10.11.101 brsys 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006.12.18 04:16:41 | 000,059,032 | ---- | M] (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Programme\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008.12.03 09:33:45 | 000,320,920 | ---- | M] (Sun Microsystems, Inc.) 
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avgnt" -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe ["C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) "High Definition Audio Property Page Shortcut" -> C:\WINDOWS\System32\HdAShCut.exe [HDAShCut.exe] -> [2004.10.27 16:21:30 | 000,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider) "KnexStarter" -> C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe [C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe] -> [2007.12.20 20:18:40 | 000,073,728 | ---- | M] (Hewlett-Packard Company) "RunTasktray" -> ["C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" 
--regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM] -> File not found "TomcatStartup 2.5" -> C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe] -> [2004.11.12 18:57:58 | 000,245,760 | ---- | M] (Hewlett-Packard) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "Malwarebytes' Anti-Malware" -> C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010.04.29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) < All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe -> [2008.05.13 12:08:25 | 000,025,214 | R--- | M] () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006.10.23 02:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NumPlus.lnk -> C:\dicad\strauti\numplus.exe -> [1999.12.23 19:09:48 | 000,020,480 | ---- | M] () < **** Startup Folder > -> C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Ausgewählte Verknüpfungen in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) Auswahl in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe 
Systems Incorporated) Auswahl in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) In Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) In vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) Verknüpfungsziel in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) Verknüpfungsziel in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> hxxp:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7317 domain(s) found. -> hp.com .[http] -> Trusted sites -> hp.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7314 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> hxxp://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> hxxp://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7757BCCA-6175-4D6E-A4A0-88FB3F6850E4}\\NameServer -> 196.10.11.90 (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter) -> {B5497300-9469-4400-86BF-D9633BEC699F}\\NameServer -> 196.10.11.90 (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> {EA3E47F4-1D9C-414C-B65E-82DF77561B2F}\\NameServer -> 196.10.11.90 (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006.03.23 06:12:42 | 000,139,264 | R--- | M] (Intel Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG) "C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M] (Hewlett-Packard Company) "D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found "D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found "D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found < Standard Profile Authorized Applications List > -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG) "C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" -> C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe [C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate] -> [2008.07.01 17:02:08 | 000,587,648 | ---- | M] (PixelPlanet GmbH) "C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M] (Hewlett-Packard Company) "C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" -> C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe [C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw] -> [2007.10.30 12:00:39 | 000,020,572 | ---- | M] () "D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found "D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found "D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM-Laufwerktreiber -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007.03.19 18:28:06 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \H HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell \H\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun \H\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command \H\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found \{69f6a274-1881-11de-99ab-0018f3a45a5d} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command \{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command\\"" -> H:\Autorun.exe [H:\Autorun.exe] -> File not found \{a2506d92-3bc0-11df-9ac4-00e043050c66} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell \{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun \{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> 
"%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2008.09.26 05:43:22 | 000,262,144 | ---- | M] (Sun Microsystems, Inc.) {10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00 [binary data]] -> File not found {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> {283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found {2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found {3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found {3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found {411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found {4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. 
[(default): Erweitertes Authoring; IsInstalled: 1] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found {4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found {4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found {5056b317-8d4c-43ee-8543-b9d1e234b8f4} [HKLM] -> Reg Error: Key error. [(default): Sicherheitsupdate für Windows XP (KB923789); IsInstalled: 1] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> {5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. 
[(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] -> [(default): Webordner; IsInstalled: 1] -> {7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Adressbuch 6; IsInstalled: 1] -> {83785B38-C9CA-B96F-6847-90A93D030FC7} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 1] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found {B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. 
[(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Taskplaner; IsInstalled: 1] -> File not found {CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary data]] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx [(default): Shockwave Flash; IsInstalled: 01 00 00 00 [binary data]] -> [2006.07.27 20:02:42 | 000,857,720 | R--- | M] (Macromedia, Inc.) {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found {E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. 
[(default): Active Directory Service Interface; IsInstalled: 01 00 00 00 [binary data]] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für Internet Explorer; IsInstalled: 1] -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browseranpassungen; IsInstalled: 1] -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> < ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. 
[(no name)] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 7zFM.exe -> C:\Programme\7-Zip\7zFM.exe [C:\Programme\7-Zip\7zFM.exe] -> [2009.02.03 09:10:08 | 000,388,096 | ---- | M] (Igor Pavlov) Acrobat.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe] -> [2006.05.16 22:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated) AcrobatInfo.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe] -> [2006.05.16 20:46:23 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) AcroDist.exe -> C:\Programme\Adobe\Acrobat 7.0\Distillr\acrodist.exe [C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe] -> [2008.04.23 02:08:50 | 000,196,608 | ---- | M] (Adobe Systems Incorporated.) 
AcroRd32.exe -> C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2006.10.23 02:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) BackItUp.exe -> C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe [C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe] -> [2006.07.25 22:39:16 | 014,090,240 | ---- | M] (Nero AG) bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2006.02.28 14:00:00 | 000,042,577 | ---- | M] (Microsoft Corporation) bole.exe -> C:\Programme\Schoeck\BOLE\Bole.exe [C:\Programme\Schoeck\BOLE\Bole.exe] -> File not found chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2006.02.28 14:00:00 | 000,042,575 | ---- | M] (Microsoft Corporation) cmmgr32.exe -> C:\WINDOWS\System32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found CONF.EXE -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384 | ---- | M] (Microsoft Corporation) dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M] (Microsoft Corporation) firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe] -> [2010.04.06 12:55:06 | 000,307,672 | ---- | M] (Mozilla Corporation) FLEXPLORER.EXE -> e:\Statikprogramme\Schoeck\FLExplorer.exe [e:\statikprogramme\schoeck\FLEXPLORER.EXE] -> [2009.04.27 10:51:54 | 000,020,480 | ---- | M] () FormDesigner.exe -> C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe [C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe] -> [2004.11.26 09:40:14 | 009,392,128 | R--- | M] (Adobe Systems Incorporated) HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14 04:22:47 | 000,769,024 | ---- | M] (Microsoft 
Corporation) HijackThis.exe -> C:\Dokumente und Einstellungen\****\Desktop\Ablage\Programme\HijackThis.exe [C:\Dokumente und Einstellungen\****\Desktop\Ablage\Programme\hijackthis.exe] -> [2009.07.06 12:33:17 | 000,396,288 | ---- | M] (Trend Micro Inc.) hppgfax.exe -> C:\Programme\HP\Digital Imaging\bin\hppgfax.exe [C:\Programme\HP\Digital Imaging\bin\hppgfax.exe] -> [2005.04.07 17:41:16 | 000,188,416 | ---- | M] (Hewlett-Packard Co.) hppscan2.exe -> C:\Programme\HP\Digital Imaging\bin\hppscan2.exe [C:\Programme\HP\Digital Imaging\bin\hppscan2.exe] -> [2004.11.01 16:13:24 | 000,192,512 | ---- | M] (Hewlett-Packard Co.) HpqApkil.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe [C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe] -> [2004.10.08 10:43:10 | 000,022,528 | ---- | M] () HpqPhUnl.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [2004.10.08 10:42:04 | 000,413,696 | ---- | M] () HpqPSmon.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [2004.10.08 10:43:12 | 000,065,536 | ---- | M] () hpqthb08.exe -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe] -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) HpqUnSet.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe [C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe] -> [2004.10.08 10:42:04 | 000,053,248 | ---- | M] (TODO: <Company name>) hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation) hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2006.02.28 14:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) 
ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M] (Microsoft Corporation) ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M] (Microsoft Corporation) ImageDrive.exe -> C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe] -> [2006.01.14 07:26:10 | 000,471,040 | ---- | M] (Nero AG) INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M] (Microsoft Corporation) install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2006.02.28 14:00:00 | 000,016,384 | ---- | M] (Microsoft Corporation) javaws.exe -> C:\Programme\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2008.12.03 09:33:42 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) 
LUALL.EXE -> C:\Programme\Symantec\LiveUpdate\LUALL.EXE [C:\Programme\Symantec\LiveUpdate\LUALL.EXE] -> [2004.03.25 18:00:26 | 001,561,712 | ---- | M] (Symantec Corporation) mbam.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 | 000,252,416 | ---- | M] (Microsoft Corporation) moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2009.10.23 17:28:37 | 003,558,912 | ---- | M] (Microsoft Corporation) mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14 04:22:53 | 000,004,639 | ---- | M] (Microsoft Corporation) MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2008.04.14 04:22:53 | 000,172,544 | ---- | M] (Microsoft Corporation) msimn.exe -> C:\Programme\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 | 000,060,416 | ---- | M] (Microsoft Corporation) msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2006.02.28 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found msoxmled.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE [C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE] -> [2003.07.14 23:45:12 | 000,055,360 | ---- | M] (Microsoft Corporation) mspview.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [C:\PROGRA~1\GEMEIN~1\MICROS~1\MODI\11.0\MSPVIEW.EXE] -> [2003.06.19 17:05:50 | 000,364,648 | ---- | M] (Microsoft Corporation) NCoverEd.exe -> C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe [C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe] -> [2006.05.19 01:12:20 | 003,309,568 | ---- | M] (Nero AG) Nero.exe -> C:\Programme\Nero\Nero 7\Core\nero.exe [C:\Programme\Nero\Nero 7\Core\Nero.exe] -> [2006.06.13 20:10:00 | 018,079,744 | ---- | M] (Nero AG) NeroBurnRights.exe -> C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe [C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe] -> [2006.03.23 13:54:30 | 000,528,384 | ---- | M] (Nero AG) NeroHome.exe -> C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe] -> [2006.06.01 14:32:50 | 000,147,456 | ---- | M] (Nero AG) NeroMediaHome.exe -> C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe [C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe] -> [2006.01.16 19:08:00 | 003,190,784 | ---- | M] (Nero AG) NeroVision.exe -> C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe [C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe] -> [2006.06.14 16:20:26 | 000,496,128 | ---- | M] (Nero AG) ois.exe -> C:\Programme\Microsoft Office\OFFICE11\OIS.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE] -> [2005.03.17 23:06:29 | 000,284,352 | ---- | M] (Microsoft Corporation) OUTLOOK.EXE -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE] -> [2006.11.23 21:56:04 | 000,196,368 | ---- | M] (Microsoft Corporation) pbrush.exe -> C:\WINDOWS\system32\mspaint.exe 
[%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation) PhotoSnapViewer.exe -> C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe [C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe] -> [2006.05.16 18:25:14 | 001,773,568 | ---- | M] (Nero AG) pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 | 000,282,624 | ---- | M] (Cinematronics) plan.exe -> [c:\dicad\strakon] -> File not found Recode.exe -> C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe [C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe] -> [2006.06.09 18:13:22 | 011,018,240 | ---- | M] (Nero AG) rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2006.02.28 14:00:00 | 000,042,574 | ---- | M] (Microsoft Corporation) schdpl32.exe -> C:\Programme\Microsoft Office\OFFICE11\1031\SCHDPL32.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\1031\SCHDPL32.EXE] -> [2003.04.11 18:33:54 | 000,191,336 | ---- | M] (Microsoft Corporation) setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found ShowTime.exe -> C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe] -> [2006.07.26 21:29:48 | 003,764,224 | ---- | M] (Nero AG) shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation) smax4.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4.exe [C:\Programme\Analog Devices\SoundMAX\smax4.exe] -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.) smax4pnp.exe -> C:\Programme\Analog Devices\Core\smax4pnp.exe [C:\Programme\Analog Devices\Core\smax4pnp.exe] -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) 
smax4wiz.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4Wiz.exe [C:\Programme\Analog Devices\SoundMAX\smax4wiz.exe] -> [2005.07.26 10:29:08 | 000,815,104 | ---- | M] (Analog Devices, Inc.) SMaxCore -> C:\Programme\Analog Devices\Core [C:\Programme\Analog Devices\Core] -> [2007.03.19 18:55:20 | 000,000,000 | ---D | M] smwdmif.dll -> C:\Programme\Analog Devices\Core\smwdmif.dll [C:\Programme\Analog Devices\Core\smwdmif.dll] -> [2005.10.05 11:28:14 | 000,290,816 | R--- | M] (Analog Devices, Inc.) SoundMAX -> C:\Programme\Analog Devices\SoundMAX [C:\Programme\Analog Devices\SoundMAX] -> [2007.03.20 11:10:55 | 000,000,000 | ---D | M] SoundTrax.exe -> C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe [C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe] -> [2006.05.19 01:39:44 | 001,953,792 | ---- | M] (Nero AG) swe2.exe -> E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe [E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe] -> [2008.03.06 01:29:44 | 014,161,945 | ---- | M] () table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M] (Microsoft Corporation) wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 | 000,030,208 | ---- | M] (Microsoft Corporation) waveedit.exe -> C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe [C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe] -> [2006.05.19 01:22:34 | 000,135,168 | ---- | M] (Nero AG) winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found Winword.exe -> C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE] -> [2007.01.23 16:03:52 | 012,263,776 | ---- | M] (Microsoft Corporation) winzip.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) winzip32.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) WMPBurn.exe -> C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe [C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe] -> [2006.05.05 14:08:02 | 001,331,200 | ---- | M] (Nero AG) wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.10.24 20:04:50 | 000,064,000 | ---- | M] (Microsoft Corporation) WORDPAD.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M] (Microsoft Corporation) WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M] (Microsoft Corporation) XPressUpdate.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found XPSViewer.exe -> C:\WINDOWS\System32\XPSViewer\XPSViewer.exe ["C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2008.07.29 21:26:06 | 000,301,568 | ---- | M] (Microsoft Corporation) yourapp.Exe -> C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe [C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00020000-0000-1011-8004-0000C06B5161}" [HKLM] -> C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll [WIBU-SYSTEMS Shell Extension] -> [2007.11.02 16:18:11 | 000,532,480 | ---- | M] (WIBU-SYSTEMS AG) "{00020D75-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2005.05.10 15:05:08 | 000,030,440 | ---- | M] (Microsoft Corporation) "{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2003.07.14 23:46:12 | 000,234,048 | ---- | M] (Microsoft Corporation) "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M] (Microsoft Corporation) "{23170F69-40C1-278A-1000-000100020000}" [HKLM] -> C:\Programme\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [2009.02.03 09:09:46 | 000,069,632 | ---- | M] (Igor Pavlov) "{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook Express\wabfind.dll [&Nach Personen...] 
-> [2008.04.14 04:22:32 | 000,032,768 | ---- | M] (Microsoft Corporation) "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" [HKLM] -> C:\Programme\Samsung\Samsung PC Studio 7\PhoneBrowser.dll [PhoneBrowser] -> [2008.02.01 11:50:28 | 000,573,440 | ---- | M] () "{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> [2003.07.14 23:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation) "{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> [CPL-Erweiterung für Anzeigeverschiebung] -> File not found "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir Desktop\shlext.dll [Shell Extension for Malware scanning] -> [2010.02.02 12:53:52 | 000,086,376 | ---- | M] (Avira GmbH) "{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M] (Nero AG) "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found "{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2006.02.28 14:00:00 | 000,044,544 | ---- | M] (Hilgraeve, Inc.) 
"{9480D0F0-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M] (RIB Software AG) "{9480D0F1-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M] (RIB Software AG) "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M] (Microsoft Corporation) "{B327765E-D724-4347-8B16-78AE18552FC3}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M] (Nero AG) "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2003.07.11 03:15:48 | 001,292,872 | ---- | M] (Microsoft Corporation) "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M] (Microsoft Corporation) "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> [2006.01.12 20:49:01 | 000,581,632 | ---- | M] (Adobe Systems Inc.) "{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.) "{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.) "{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.) 
"{E0D79307-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.) "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> "Adobe LM Service" -> -> "Hilti PROFIS AutoUpdate Service" -> -> "NBService" -> -> "WMPNetworkSvc" -> -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Acrobat Assistant 7.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe -> [2006.06.01 14:32:12 | 000,094,208 | ---- | M] (Nero AG) DataLayer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe -> [2007.02.22 17:04:44 | 000,851,968 | ---- | M] (Nokia Mobile Phones Ltd.) HPUsageTracking hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\HP\HP UT\bin\hppusg.exe -> [2005.02.07 12:10:12 | 000,036,864 | ---- | M] ( ) NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe -> [2006.01.12 17:40:44 | 000,155,648 | ---- | M] (Nero AG) NWEReboot hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found PROFIS AutoUpdate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -> [2009.04.20 12:16:10 | 000,346,624 | ---- | M] (Agito d.o.o.) 
S60TrayApplication hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Samsung\Samsung PC Studio 7\LaunchApplication.exe -> [2007.03.14 17:47:00 | 000,237,568 | ---- | M] () SoundMAX hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\SoundMAX\Smax4.exe -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.) SoundMAXPnP hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\Core\smax4pnp.exe -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 2 -> "startup" -> 2 -> "system.ini" -> 0 -> "win.ini" -> 0 -> [Files/Folders - Created Within 30 Days] Malwarebytes -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes -> [2010.07.02 15:05:29 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010.07.02 15:05:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes -> [2010.07.02 15:05:18 | 000,000,000 | ---D | C] mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.07.02 15:05:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware -> [2010.07.02 15:05:17 | 000,000,000 | ---D | C] mbam-setup.exe -> C:\Dokumente und Einstellungen\****\Desktop\mbam-setup.exe -> [2010.07.02 13:39:29 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) TFC.exe -> C:\Dokumente und Einstellungen\****\Desktop\TFC.exe -> [2010.07.02 13:38:52 | 000,444,416 | ---- | C] (OldTimer Tools) OTS.exe -> C:\Dokumente und Einstellungen\****\Desktop\OTS.exe -> [2010.07.02 12:32:12 | 000,640,000 | ---- | C] (OldTimer Tools) Upload -> C:\Dokumente und Einstellungen\****\Desktop\Upload -> [2010.07.02 11:39:22 | 
000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\Programme\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C] U3 -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3 -> [2010.06.18 06:56:17 | 000,000,000 | ---D | C] iedvtool.dll -> C:\WINDOWS\System32\dllcache\iedvtool.dll -> [2010.06.10 09:31:05 | 000,743,424 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 30 Days] ~$crosoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\****\Desktop\~$crosoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:23 | 000,000,162 | -H-- | M] () Microsoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word-Dokument (neu).doc -> [2010.07.02 16:52:42 | 000,045,056 | ---- | M] () l91z2r0p.exe -> C:\Dokumente und Einstellungen\****\Desktop\l91z2r0p.exe -> [2010.07.02 15:29:08 | 000,293,376 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.07.02 15:05:22 | 000,000,676 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.07.02 14:41:48 | 000,013,646 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.07.02 14:41:21 | 000,002,048 | --S- | M] () NTUSER.DAT -> C:\Dokumente und Einstellungen\****\NTUSER.DAT -> [2010.07.02 14:39:50 | 015,990,784 | -H-- | M] () ntuser.ini -> C:\Dokumente und Einstellungen\****\ntuser.ini -> [2010.07.02 14:39:50 | 000,000,300 | -HS- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.07.02 14:32:30 | 000,000,006 | -H-- | M] () defogger_reenable -> C:\Dokumente und Einstellungen\****\defogger_reenable -> [2010.07.02 14:29:02 | 000,000,132 | ---- | M] () Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - 
Schnellstart.lnk -> [2010.07.02 14:25:17 | 000,002,319 | ---- | M] () mbam-setup.exe -> C:\Dokumente und Einstellungen\****\Desktop\mbam-setup.exe -> [2010.07.02 13:39:48 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) Defogger.exe -> C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe -> [2010.07.02 13:39:04 | 000,050,477 | ---- | M] () TFC.exe -> C:\Dokumente und Einstellungen\****\Desktop\TFC.exe -> [2010.07.02 13:38:52 | 000,444,416 | ---- | M] (OldTimer Tools) OTS.exe -> C:\Dokumente und Einstellungen\****\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools) PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.07.02 12:31:01 | 001,077,890 | ---- | M] () perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.07.02 12:31:01 | 000,462,306 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.07.02 12:31:01 | 000,443,724 | ---- | M] () perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.07.02 12:31:01 | 000,085,534 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.07.02 12:31:01 | 000,071,982 | ---- | M] () file.bat -> C:\Dokumente und Einstellungen\****\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | M] () Fehler.JPG -> C:\Dokumente und Einstellungen\****\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | M] () VPClient.ini -> C:\WINDOWS\VPClient.ini -> [2010.07.02 11:37:35 | 000,001,236 | ---- | M] () IconCache.db -> C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.07.02 11:08:53 | 001,659,944 | -H-- | M] () win.ini -> C:\WINDOWS\win.ini -> [2010.07.01 16:46:09 | 000,000,623 | ---- | M] () system.ini -> C:\WINDOWS\system.ini -> [2010.07.01 16:46:09 | 000,000,227 | ---- | M] () boot.ini -> C:\boot.ini -> [2010.07.01 16:46:09 | 000,000,211 | -HS- | M] () hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.07.01 12:55:03 | 000,411,503 | R--- | M] () 
hosts.20100701-125503.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125503.backup -> [2010.07.01 12:54:43 | 000,411,503 | R--- | M] () hosts.20100701-125443.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125443.backup -> [2010.07.01 12:48:01 | 000,411,503 | R--- | M] () hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2010.07.01 07:18:46 | 000,000,178 | ---- | M] () Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\****\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | M] () default.pls -> C:\Dokumente und Einstellungen\****\default.pls -> [2010.06.22 09:04:30 | 000,000,189 | ---- | M] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010.06.22 09:04:27 | 000,000,116 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.06.18 07:09:57 | 000,016,384 | ---- | M] () AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010.06.11 06:21:48 | 000,203,328 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010.06.10 18:46:56 | 000,001,374 | ---- | M] () Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:27:40 | 000,057,063 | ---- | M] () [Files - No Company Name] ~$crosoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\****\Desktop\~$crosoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:23 | 000,000,162 | -H-- | C] () Microsoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:04 | 000,045,056 | ---- | C] () l91z2r0p.exe -> C:\Dokumente und Einstellungen\****\Desktop\l91z2r0p.exe -> [2010.07.02 15:32:51 | 000,293,376 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' 
Anti-Malware.lnk -> [2010.07.02 15:05:22 | 000,000,676 | ---- | C] () defogger_reenable -> C:\Dokumente und Einstellungen\****\defogger_reenable -> [2010.07.02 14:27:14 | 000,000,132 | ---- | C] () Defogger.exe -> C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe -> [2010.07.02 13:39:04 | 000,050,477 | ---- | C] () file.bat -> C:\Dokumente und Einstellungen\****\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | C] () Fehler.JPG -> C:\Dokumente und Einstellungen\****\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | C] () hldrv32.exe -> C:\Dokumente und Einstellungen\****\Desktop\hldrv32.exe -> [2010.07.02 07:28:07 | 005,119,792 | ---- | C] () Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,002,319 | ---- | C] () Adobe Reader - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,001,726 | ---- | C] () Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\****\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | C] () AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | C] () Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:01:46 | 000,057,063 | ---- | C] () msacc20.ini -> C:\WINDOWS\msacc20.ini -> [2009.03.03 09:26:03 | 000,000,051 | ---- | C] () DVD_Start.INI -> C:\WINDOWS\DVD_Start.INI -> [2009.02.26 12:09:14 | 000,000,032 | ---- | C] () libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008.07.22 09:11:23 | 000,690,040 | ---- | C] () ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008.07.22 09:11:23 | 000,161,656 | ---- | C] () Cobec4.INI -> C:\WINDOWS\Cobec4.INI -> [2008.07.16 09:02:37 | 000,000,382 | ---- | C] () AddPort.ini -> C:\WINDOWS\System32\AddPort.ini -> [2008.02.13 
13:24:22 | 000,000,128 | ---- | C] () hpntwksetup.ini -> C:\WINDOWS\hpntwksetup.ini -> [2008.02.13 13:23:03 | 000,000,841 | ---- | C] () hppatusg01.dll -> C:\WINDOWS\System32\hppatusg01.dll -> [2007.12.20 19:55:14 | 000,110,592 | ---- | C] () jst.dll -> C:\WINDOWS\System32\jst.dll -> [2007.10.30 11:23:29 | 000,074,752 | ---- | C] () compJNI.dll -> C:\WINDOWS\System32\compJNI.dll -> [2007.10.30 11:23:29 | 000,032,768 | ---- | C] () PMLJNI.dll -> C:\WINDOWS\System32\PMLJNI.dll -> [2007.10.30 11:23:28 | 000,102,400 | ---- | C] () MPDLL.DLL -> C:\WINDOWS\System32\MPDLL.DLL -> [2007.10.29 13:14:00 | 000,032,768 | ---- | C] () megapfad.ini -> C:\WINDOWS\megapfad.ini -> [2007.10.29 13:13:59 | 000,000,134 | ---- | C] () hpbvnstp.ini -> C:\WINDOWS\hpbvnstp.ini -> [2007.10.25 12:41:47 | 000,001,367 | ---- | C] () HPP2800V.DLL -> C:\WINDOWS\System32\HPP2800V.DLL -> [2007.10.25 12:41:38 | 000,208,896 | ---- | C] () Arcel_DA.INI -> C:\WINDOWS\Arcel_DA.INI -> [2007.07.16 10:35:27 | 000,000,153 | ---- | C] () PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2007.05.07 09:20:58 | 000,000,151 | ---- | C] () _delis43.ini -> C:\WINDOWS\_delis43.ini -> [2007.04.18 11:48:56 | 000,000,252 | ---- | C] () ETACoreGUI.INI -> C:\WINDOWS\ETACoreGUI.INI -> [2007.04.03 10:30:00 | 000,000,154 | ---- | C] () BRESPA.INI -> C:\WINDOWS\BRESPA.INI -> [2007.03.29 12:20:52 | 000,004,647 | ---- | C] () sysprs7.dll -> C:\WINDOWS\System32\sysprs7.dll -> [2007.03.28 17:05:50 | 000,001,025 | ---- | C] () lsprst7.dll -> C:\WINDOWS\System32\lsprst7.dll -> [2007.03.28 17:05:50 | 000,000,205 | ---- | C] () clauth2.dll -> C:\WINDOWS\System32\clauth2.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C] () clauth1.dll -> C:\WINDOWS\System32\clauth1.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C] () ssprs.dll -> C:\WINDOWS\System32\ssprs.dll -> [2007.03.28 17:05:33 | 000,000,073 | ---- | C] () serauth2.dll -> C:\WINDOWS\System32\serauth2.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () 
serauth1.dll -> C:\WINDOWS\System32\serauth1.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () nsprs.dll -> C:\WINDOWS\System32\nsprs.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () PeikDur.INI -> C:\WINDOWS\PeikDur.INI -> [2007.03.28 16:53:43 | 000,000,791 | ---- | C] () PeikCol.INI -> C:\WINDOWS\PeikCol.INI -> [2007.03.28 16:42:08 | 000,000,614 | ---- | C] () delta.ini -> C:\WINDOWS\delta.ini -> [2007.03.28 16:04:03 | 000,000,068 | ---- | C] () afcc.INI -> C:\WINDOWS\afcc.INI -> [2007.03.28 15:58:47 | 000,000,058 | ---- | C] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007.03.28 15:50:59 | 000,000,116 | ---- | C] () hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2007.03.28 15:20:35 | 000,000,178 | ---- | C] () UNWISE.INI -> C:\WINDOWS\System32\UNWISE.INI -> [2007.03.28 13:59:24 | 000,006,836 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007.03.19 19:29:32 | 000,000,400 | ---- | C] () Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2007.03.19 18:50:18 | 000,018,013 | ---- | C] () ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2007.03.19 18:50:15 | 000,005,810 | R--- | C] () ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2007.03.19 18:50:08 | 000,005,824 | ---- | C] () OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007.03.05 14:34:28 | 000,676,224 | ---- | C] () HPDevEnm.dll -> C:\WINDOWS\System32\HPDevEnm.dll -> [2007.02.26 13:12:26 | 000,126,976 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006.06.29 14:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006.06.29 14:53:56 | 000,026,489 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006.04.18 15:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006.04.18 15:39:28 | 000,026,040 | ---- | C] () afd.sys -> 
C:\WINDOWS\System32\drivers\afd.sys -> [2006.02.28 14:00:00 | 000,138,496 | ---- | C] () OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () hppcap.ini -> C:\WINDOWS\hppcap.ini -> [2001.10.24 13:49:32 | 000,000,032 | ---- | C] () HPTCPMON.INI -> C:\WINDOWS\System32\HPTCPMON.INI -> [2001.07.07 05:00:00 | 000,003,254 | ---- | C] () PROTOCOL.INI -> C:\WINDOWS\PROTOCOL.INI -> [1999.03.30 10:09:20 | 000,000,000 | ---- | C] () VPWINE.INI -> C:\WINDOWS\VPWINE.INI -> [1999.03.30 10:09:14 | 000,009,180 | ---- | C] () VPClient.ini -> C:\WINDOWS\VPClient.ini -> [1999.03.30 10:09:14 | 000,001,236 | ---- | C] () [File - Lop Check] Agito -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Agito -> [2009.07.06 12:34:51 | 000,000,000 | ---D | M] Downloaded Installations -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations -> [2009.11.05 14:25:02 | 000,000,000 | ---D | M] Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M] Megatech -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Megatech -> [2007.11.03 10:00:02 | 000,000,000 | ---D | M] MSScanAppDataDir -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir -> [2007.10.30 11:37:49 | 000,000,000 | ---D | M] PC Suite -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:49 | 000,000,000 | ---D | M] PixelPlanet -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet -> [2008.07.22 09:11:24 | 000,000,000 | ---D | M] RIB -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RIB -> [2007.11.08 19:19:09 | 000,000,000 | ---D | M] Agito -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Agito -> [2009.07.06 12:34:55 | 000,000,000 | ---D | M] Datalayer -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Datalayer -> [2009.11.05 14:26:33 | 000,000,000 | ---D 
| M] Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M] IsolatedStorage -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\IsolatedStorage -> [2009.01.20 11:39:08 | 000,000,000 | ---D | M] PC Suite -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:52 | 000,000,000 | ---D | M] Profis -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Profis -> [2009.11.23 14:22:31 | 000,000,000 | ---D | M] RIB -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\RIB -> [2008.01.07 11:04:22 | 000,000,000 | ---D | M] Samsung -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Samsung -> [2009.11.05 14:34:50 | 000,000,000 | ---D | M] Schoeck -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\Schoeck -> [2009.09.10 12:26:42 | 000,000,000 | ---D | M] TeamViewer -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\TeamViewer -> [2010.03.05 21:53:16 | 000,000,000 | ---D | M] ZiWu-Soft -> C:\Dokumente und Einstellungen\****\Anwendungsdaten\ZiWu-Soft -> [2008.07.22 09:16:19 | 000,000,000 | ---D | M] [File - Purity Scan] [Custom Scans] < NetSvcs > < Drivers32 > < %SYSTEMDRIVE%\*.exe > jPodder-Setup.exe -> C:\jPodder-Setup.exe -> [2007.10.15 11:18:00 | 009,545,267 | ---- | M] () wmp11-windowsxp-x86-DE-DE.exe -> C:\wmp11-windowsxp-x86-DE-DE.exe -> [2007.08.21 15:23:22 | 025,842,736 | ---- | M] (Microsoft Corporation) < %systemroot%\*. /mp /s > Error starting restore point: The function was called in safe mode. Error closing restore point: The sequence number is invalid. 
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
mbam.sys -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
mbamswissarmy.sys -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
< %systemroot%\system32\ws2help.dll /md5 >
ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ not found. -> ->
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-06-23 15:30:34 ->
< End of report >
02.07.2010, 16:22 | #17
/// Selecta Jahrusso
I don't see anything there at the moment.
OTS set a system restore point on its first run. Give that one a try and see whether the machine starts normally afterwards.
02.07.2010, 16:41 | #18
I'm writing to you from my main machine; the system restore point worked.
I had already feared the worst. I'll keep an eye on the machine now to see whether the trojan comes back! Thank you very much for your HUGE help!!! One small question to finish: CCleaner, can that program be used without concern?
02.07.2010, 16:52 | #19
/// Selecta Jahrusso
Yes, CCleaner is good, but I generally advise against registry cleaners.

Please do the following as well.
Run Malwarebytes in normal mode. A quick scan is enough.

Step 2
Please switch on any external hard drives you have during the online scans!
Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.

Please post in your next reply:
MBAM log
ESET logfile

Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
02.07.2010, 17:03 | #20
I'll do the ESET scan tomorrow morning and post it afterwards. It takes a very long time and I have to leave now. But for your information, the first finding was made at 18% :-(
--------------------------------------------------
Quickscan Malware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.07.2010 18:01:38
mbam-log-2010-07-02 (18-01-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138544
Laufzeit: 4 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Last edited by Terminus (02.07.2010 at 17:15)
03.07.2010, 10:37 | #21
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=16a80aa4cf01474ea94b6d5c6396dba2
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-02 04:12:43
# local_time=2010-07-02 06:12:43 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 93 387058 37183502 103137 0
# compatibility_mode=8192 67108863 100 0 94 94 0 0
# scanned=12724
# found=1
# cleaned=1
# scan_time=354
C:\Dokumente und Einstellungen\****\Desktop\Upload\rasysc.dll.vir    a variant of Win32/Cimag.CV trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=16a80aa4cf01474ea94b6d5c6396dba2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-03 09:24:36
# local_time=2010-07-03 11:24:36 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 93 442632 37239076 158711 0
# compatibility_mode=8192 67108863 100 0 55668 55668 0 0
# scanned=288175
# found=0
# cleaned=0
# scan_time=6693

This time 0 findings??? After the scan my machine crashed. And my JAVA keeps wanting to update???
I notice the following pattern when browsing:
1. Start Firefox
2. Browse
3. After 1-2 min a window I have NEVER seen before opens
4. Shortly afterwards the Java logo appears in the system tray asking to update
Last edited by Terminus (03.07.2010 at 10:44)
03.07.2010, 20:18 | #22
/// Selecta Jahrusso
A window you have never seen before? Well, what am I supposed to do with that?

Update your Java.

Please start OTL.exe. Under Extra Registry select: Use Safe List, and click the Scan button.
05.07.2010, 05:35 | #23
Morning, by "the window" I meant that Firefox pops up and visits a website I don't know. It was only meant as a side remark. Maybe that's a known behaviour of a trojan?

Here is the normal scan
-------------------------------
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 05.07.2010 06:16:05 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 434,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,53 Gb Total Space | 9,39 Gb Free Space | 31,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 203,35 Gb Total Space | 140,54 Gb Free Space | 69,11% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 253,34 Gb Total Space | 130,30 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive P: | 253,34 Gb Total Space | 130,30 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive Q: | 253,34 Gb Total Space | 130,30 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive S: | 253,34 Gb Total Space | 130,30 Gb Free Space | 51,43% Space Free | Partition Type: NTFS

Computer Name: *****
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.07.05 06:14:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe PRC - [2010.04.21 07:52:58 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.04.06 12:55:06 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.20 20:18:40 | 000,102,400 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe PRC - [2007.12.20 20:18:40 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe PRC - [2007.12.20 19:56:42 | 000,069,120 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe PRC - [2007.10.30 12:00:39 | 000,020,572 | ---- | M] () -- C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe PRC - [2007.04.04 00:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) 
-- E:\DAEMON Tools\daemon.exe PRC - [2006.10.23 02:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2006.02.28 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe PRC - [2005.03.24 22:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe PRC - [1999.12.23 19:09:48 | 000,020,480 | ---- | M] () -- C:\dicad\strauti\numplus.exe ========== Modules (SafeList) ========== MOD - [2010.07.05 06:14:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010.04.21 07:52:58 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.24 22:34:46 | 000,176,640 | ---- | M] (Agito d.o.o.) [Disabled | Stopped] -- C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe -- (Hilti PROFIS AutoUpdate Service) SRV - [2007.05.08 11:16:37 | 000,069,632 | ---- | M] (Adobe Systems) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2006.06.05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) 
[Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.02.28 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.11.02 16:18:11 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY) DRV - [2007.10.29 13:06:17 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm) DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj) DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac) DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.11.22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb) DRV - [2006.11.22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp) DRV - [2006.07.19 03:50:36 | 000,033,408 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_2k.sys -- (AtcL001) DRV - [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2005.02.02 17:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK) DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2001.08.23 23:03:54 | 000,025,434 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.06 12:55:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.06 12:55:11 | 000,000,000 | ---D | M] [2008.09.05 13:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2010.07.03 09:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions [2009.09.04 12:53:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.09.05 13:57:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.02 17:41:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.03 09:39:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.05.18 09:01:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.05.18 09:01:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.05.18 09:01:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.05.18 09:01:54 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.05.18 09:01:54 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.01 12:55:03 | 000,411,503 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 196.10.11.101 brsys O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 
127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14218 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [KnexStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [RunTasktray] File not found O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard) O4 - HKCU..\Run: [DAEMON Tools] E:\DAEMON Tools\daemon.exe (DT Soft Ltd.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NumPlus.lnk = C:\dicad\strauti\numplus.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll 
(Hewlett-Packard Company) O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - 
Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.03.19 18:28:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found O33 - MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell - "" = AutoRun O33 - MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.05 06:14:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.07.03 11:07:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM [2010.07.03 11:06:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.03 11:06:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.07.03 11:06:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.07.02 17:55:59 | 000,038,224 | ---- | C] (Malwarebytes 
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.02 17:55:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.02 17:55:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware_Neu [2010.07.02 17:54:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\****\Desktop\mbam-setup.exe [2010.07.02 15:05:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2010.07.02 15:05:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.02 15:05:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.02 11:39:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\Upload [2010.07.01 12:04:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.07.01 12:04:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.18 06:56:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3 [2010.06.10 09:31:05 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll ========== Files - Modified Within 30 Days ========== [2010.07.05 06:14:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.07.05 06:12:37 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.05 06:12:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.05 06:12:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.07.05 06:12:08 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.07.05 06:12:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.05 06:11:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.05 06:11:30 | 
000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.03 14:10:47 | 015,990,784 | ---- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.dat [2010.07.03 14:10:47 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini [2010.07.03 13:49:15 | 000,192,997 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Scan 03.07.10.JPG [2010.07.02 17:56:01 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.02 17:54:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\****\Desktop\mbam-setup.exe [2010.07.02 16:57:23 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\~$crosoft Office Word-Dokument (neu).doc [2010.07.02 14:29:02 | 000,000,132 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2010.07.02 12:31:01 | 001,077,890 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.02 12:31:01 | 000,462,306 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.02 12:31:01 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.02 12:31:01 | 000,085,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.02 12:31:01 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.02 11:37:35 | 000,001,236 | ---- | M] () -- C:\WINDOWS\VPClient.ini [2010.07.02 11:08:53 | 001,659,944 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.07.01 12:55:03 | 000,411,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.07.01 12:54:43 | 000,411,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-125503.backup [2010.07.01 12:48:01 | 000,411,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-125443.backup [2010.07.01 07:18:46 | 000,000,178 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2010.06.23 07:59:26 | 000,138,775 | ---- | M] () -- C:\Dokumente 
und Einstellungen\****\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf [2010.06.22 09:04:30 | 000,000,189 | ---- | M] () -- C:\Dokumente und Einstellungen\****\default.pls [2010.06.22 09:04:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.06.18 07:09:57 | 000,016,384 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.15 07:29:43 | 000,048,640 | ---- | M] () -- C:\WINDOWS\AKDeInstall.exe [2010.06.11 06:21:48 | 000,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.10 18:46:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.06.09 14:27:40 | 000,057,063 | ---- | M] () -- C:\Pos3.dat ========== Files Created - No Company Name ========== [2010.07.03 13:49:15 | 000,192,997 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Scan 03.07.10.JPG [2010.07.02 17:56:01 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.02 16:57:23 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\~$crosoft Office Word-Dokument (neu).doc [2010.07.02 14:27:14 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2010.07.02 13:12:36 | 015,990,784 | ---- | C] () -- C:\Dokumente und Einstellungen\****\ntuser.dat [2010.07.01 16:46:08 | 000,002,319 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.07.01 16:46:08 | 000,001,726 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk [2010.06.23 07:59:26 | 000,138,775 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf [2010.06.15 07:29:43 | 000,048,640 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe [2010.06.09 14:01:46 | 000,057,063 | ---- | C] () -- 
C:\Pos3.dat [2009.03.03 09:26:03 | 000,000,051 | ---- | C] () -- C:\WINDOWS\msacc20.ini [2009.02.26 12:09:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\DVD_Start.INI [2008.07.22 09:11:23 | 000,690,040 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2008.07.22 09:11:23 | 000,161,656 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2008.07.16 09:02:37 | 000,000,382 | ---- | C] () -- C:\WINDOWS\Cobec4.INI [2008.02.13 13:24:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2008.02.13 13:23:03 | 000,000,841 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2007.12.20 19:55:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll [2007.10.30 11:23:29 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll [2007.10.30 11:23:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll [2007.10.30 11:23:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll [2007.10.29 13:14:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPDLL.DLL [2007.10.29 13:13:59 | 000,000,134 | ---- | C] () -- C:\WINDOWS\megapfad.ini [2007.10.29 13:06:16 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007.10.25 12:41:47 | 000,001,367 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini [2007.10.25 12:41:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL [2007.07.16 10:35:27 | 000,000,153 | ---- | C] () -- C:\WINDOWS\Arcel_DA.INI [2007.05.07 09:20:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007.04.18 11:48:56 | 000,000,252 | ---- | C] () -- C:\WINDOWS\_delis43.ini [2007.04.03 10:30:00 | 000,000,154 | ---- | C] () -- C:\WINDOWS\ETACoreGUI.INI [2007.03.29 12:20:52 | 000,004,647 | ---- | C] () -- C:\WINDOWS\BRESPA.INI [2007.03.28 17:05:50 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007.03.28 17:05:50 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007.03.28 17:05:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007.03.28 17:05:33 | 
000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007.03.28 17:05:33 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll [2007.03.28 17:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll [2007.03.28 16:53:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\PeikDur.INI [2007.03.28 16:42:08 | 000,000,614 | ---- | C] () -- C:\WINDOWS\PeikCol.INI [2007.03.28 16:04:03 | 000,000,068 | ---- | C] () -- C:\WINDOWS\delta.ini [2007.03.28 15:58:47 | 000,000,058 | ---- | C] () -- C:\WINDOWS\afcc.INI [2007.03.28 15:50:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.03.28 15:20:35 | 000,000,178 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2007.03.28 13:59:24 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2007.03.19 19:29:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.03.19 18:50:18 | 000,018,013 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.03.19 18:50:15 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007.03.19 18:50:08 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.03.05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.02.26 13:12:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\HPDevEnm.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.10.24 13:49:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\hppcap.ini [2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1999.03.30 10:09:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [1999.03.30 10:09:14 | 000,009,180 | ---- | C] () -- C:\WINDOWS\VPWINE.INI [1999.03.30 10:09:14 | 000,001,236 | ---- | C] () -- C:\WINDOWS\VPClient.ini < End of report > |
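As an added example (not part of this thread and not one of the tools used in it), a small Python triage helper that reads OTS-style lines of the kind quoted above. It flags O1 HOSTS entries whose target is not loopback or unspecified (a blocklist-style HOSTS file points names at 127.0.0.1 or 0.0.0.0; the `196.10.11.101 brsys` entry in the log above instead redirects a name, which is the kind of line worth checking) and lists O33 removable-media autorun commands together with whether OTS reported their target as missing. The sample lines are constructed from entries quoted in the log; the function and regex names are the example's own.

```python
"""Triage helper for OTS-style log lines (added example, not from the thread).

Flags two kinds of entries:
  * O1 HOSTS lines whose target is not loopback/unspecified, i.e. lines that
    redirect a name rather than block it;
  * O33 MountPoints autorun commands (removable-media autorun handlers),
    noting when OTS reported the target as "File not found".
"""
import re
from ipaddress import ip_address

# Constructed sample in the same shape as the OTS output quoted in the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 196.10.11.101 brsys
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 14218 more lines...
O33 - MountPoints2\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
""".strip()

# "O1 - Hosts: <target> <name>"; OTS's own "N more lines..." marker has three
# tokens and therefore does not match.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# "O33 - MountPoints2\...\command - "" = <command> [-- File not found]"
AUTORUN_RE = re.compile(
    r'^O33 - (MountPoints2\\\S+\\command) - "" = (.*?)(?:\s+-- (File not found))?\s*$'
)


def is_loopback_target(target: str) -> bool:
    """True for 127.0.0.0/8, ::1 and 0.0.0.0/::, the usual blocklist targets."""
    try:
        addr = ip_address(target)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage(log_text: str) -> dict:
    """Walk OTS lines and collect the entries a reviewer would look at first."""
    result = {"hosts_entries": 0, "redirecting_hosts": [], "autorun_commands": []}
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            target, name = m.groups()
            result["hosts_entries"] += 1
            if not is_loopback_target(target):
                # A non-loopback target sends the name somewhere else: a redirect, not a block.
                result["redirecting_hosts"].append((name, target))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            key, command, missing = m.groups()
            result["autorun_commands"].append(
                {"key": key, "command": command, "missing": missing is not None}
            )
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"HOSTS entries parsed: {report['hosts_entries']}")
    for name, target in report["redirecting_hosts"]:
        print(f"  redirecting HOSTS entry: {name} -> {target}")
    for entry in report["autorun_commands"]:
        state = "target missing" if entry["missing"] else "target present per OTS"
        print(f"  autorun: {entry['key']} = {entry['command']} ({state})")
```

Run against a full OTS log the helper only reads the O1 and O33 lines; everything else is ignored, so it can be pointed at a saved report as-is. The "File not found" flag is what OTS itself reports and is carried through unchanged.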
05.07.2010, 05:37 | #24 |
And here is the Extra log; I had to attach it as an attachment because it would not work any other way. My AntiVir found another trojan on Saturday. It is supposed to have been the following: "TR/Agent.200705"
05.07.2010, 14:07 | #25 | |
/// Selecta Jahrusso
Quote:
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
06.07.2010, 05:51 | #26 |
So this morning it happened again: the following page simply opened by itself
h**p://safe-monitoring-9.in/phpbb/image/index.php?ID=105527&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002TlRvaU1qZzVOamtpTzNNNk1USTZJbUZrZG1WeWRHbHpaVjlwWkNJN2N6bzJPaUl 4TURZek5qa2lPM002TkRvaWEzQndhU0k3VGp0OWN6b3pPaUp0WkRVaU8zTTZNekk2SW1ZeVptUmhZelJtTVRNM1pUUm1aVGN6TlRjMlpXRmtOek0xTXpneE5qa3dJanQ5
When I searched for something on Google yesterday and clicked one of Google's links, I did not get to that link but always ended up on completely different pages. Here are the wrong redirects:
- h**p://jesuscaresaboutyou.org/search.php
- h**p://murrayfeiss.com/search.php
- h**p://click.top10recipes.com/r.php?h=f4bf7ac746782627988fb3adf3ed5c47&s=c&px=1&wf=1&ai=4614&fm=1591&st=videokonferenz+software+kostenlos&tos=1278335593
- h**p://decalsolutionspro.com/result.php?Keywords=videokonferenz+software+kostenlos&r=36ce98120b6d6573d46bd52673aa82bee727bd050a54a4449ffda37081cdd3a35811758d4054cb9fba87d8910752c8 4d&Submit=Go
And my firewall just reported that it blocked an application of Explorer? All very clear signs that something is still on the computer.
Regards, Benni
06.07.2010, 13:38 | #27 |
/// Selecta Jahrusso
Do the redirects occur with all browsers? Please
06.07.2010, 14:11 | #28 |
Hello Daniel, I have now had to go with formatting. The computer could not be used for even 5 minutes without crashing. I had actually wanted to avoid this at all costs, but oh well. :-( I would like to thank you once again most warmly for your help; rarely have I experienced such fast and competent advice. THANK YOU. I consider this topic closed.
Regards, Benni
06.07.2010, 15:13 | #29 |
/// Selecta Jahrusso
That is the safest way anyway. This topic appears to be resolved and will be removed from the subscriptions. Should you need the topic again, please send me a PM. Everyone else, please start a thread of your own.