
Pests of all kinds and how to combat them: Removing Trojan.Generic.4060291


 
16.09.2010, 16:36   #2
Uli2222
 



I hope it is right that I post the OTL logfile first:

OTL Logfile:
Code:
OTL logfile created on: 16.09.2010 16:42:15 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 304,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,98 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive D: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-GMELIN
Current User Name: Dr. Ulrich Gmelin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
PRC - [2010.08.28 13:17:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010.08.23 19:01:37 | 000,058,024 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
PRC - [2010.08.23 18:53:27 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2010.08.23 18:53:27 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.07.27 00:41:12 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010.07.14 16:03:24 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009.10.14 15:20:43 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2009.07.09 11:34:54 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
PRC - [2009.07.09 11:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009.07.09 11:34:52 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
PRC - [2009.07.09 11:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.20 17:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.04.10 18:25:42 | 002,852,200 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.10 14:43:16 | 002,191,360 | ---- | M] (Zimmer Elektromedizin) -- \\Empfang\d\ZIMMER\TERMIN\Termin.exe
PRC - [2005.02.16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004.05.23 20:15:42 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.10.01 14:29:48 | 000,376,832 | ---- | M] (Philips Speech Processing) -- C:\WINDOWS\system32\pspcontr.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
MOD - [2009.07.09 11:35:14 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Spam Control\fsscoepl.dll
MOD - [2009.07.09 11:34:16 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure internet security\hips\fshook32.dll
MOD - [2009.04.10 18:28:14 | 000,161,128 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dgniedct.dll
MOD - [2009.04.10 18:27:02 | 000,062,824 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\nlutmgrhook.dll
MOD - [2009.04.10 18:26:22 | 000,193,896 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dd10hook.dll
MOD - [2009.04.10 18:26:20 | 000,234,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dd10axa.dll
MOD - [2009.04.10 18:20:18 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\msvcp60.dll
MOD - [2008.04.14 02:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008.04.14 02:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwprovau.dll
MOD - [2008.04.14 02:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008.04.14 02:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008.04.14 02:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008.04.14 02:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008.04.14 02:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008.04.14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004.05.23 20:15:36 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.08.23 19:01:37 | 000,058,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.07.27 00:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009.10.14 15:20:43 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.07.09 11:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.07.09 11:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.08.31 12:00:52 | 000,041,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010.08.03 13:09:03 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010.06.23 04:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.06.23 04:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.07.09 11:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.07.09 11:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.07.09 11:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009.07.09 11:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009.04.09 13:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004.06.02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.05.23 20:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.03.19 06:27:34 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2004.01.18 04:48:08 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.05.06 19:46:38 | 000,027,008 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbsd.sys -- (WBSD) Winbond Secure Digital Storage (SD/MMC)
DRV - [2003.05.03 18:16:00 | 001,170,464 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.03.31 21:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003.03.31 21:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003.03.15 16:00:02 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.08.17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010.09.07 15:49:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.19 11:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.31 19:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010.09.16 13:35:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PspContr] C:\WINDOWS\System32\pspcontr.exe (Philips Speech Processing)
O4 - HKLM..\Run: [PspUsbCf] C:\WINDOWS\System32\pspusbcf.exe (Philips Speech Processing)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [RecordNow!]  File not found
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Dr. Ulrich Gmelin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250188737217 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 91.89.91.89
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.08.13 19:26:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d1e206f2-47ea-11df-9da3-000fb0427036}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.16 16:39:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 13:49:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.16 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.09.16 13:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.16 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.09.15 07:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SSH
[2010.09.15 07:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\SSH Secure Shell
[2010.09.14 21:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\SSHTunnelClient
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Conduit
[2010.09.07 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Hotspot_Shield
[2010.09.07 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot_Shield
[2010.09.07 20:36:56 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010.09.07 20:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010.09.01 10:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.09.01 09:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2010.08.28 21:38:21 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010.08.28 21:38:21 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.08.28 21:38:20 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010.08.28 21:38:20 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2010.08.28 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2010.08.28 21:38:19 | 000,516,784 | R--- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010.08.28 21:38:19 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.08.28 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010.08.28 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 16:25:01 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.16 15:37:35 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon Medical 10.0.lnk
[2010.09.16 15:03:11 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DATA.INI
[2010.09.16 14:07:31 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.16 14:07:30 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.16 14:06:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.16 14:05:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.16 14:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.16 14:05:45 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.16 14:04:42 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\NTUSER.DAT
[2010.09.16 14:04:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\ntuser.ini
[2010.09.16 09:32:57 | 000,001,235 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2010.09.15 22:45:09 | 000,237,056 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 21:06:24 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BabasChess.lnk
[2010.09.15 07:45:13 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.15 03:04:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.14 21:58:11 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.14 13:53:44 | 000,011,616 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.11 13:29:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.09 14:28:00 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.09 14:28:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010.09.03 14:00:37 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.03 14:00:37 | 000,074,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.03 14:00:36 | 000,532,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.02 07:27:41 | 005,292,840 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\IconCache.db
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.31 12:00:52 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.08.29 17:31:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:21 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:13 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:18 | 000,079,410 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.15 07:45:13 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.14 21:50:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.02 19:04:48 | 000,011,616 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.29 17:31:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:20 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010.08.28 21:38:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2010.08.28 21:38:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:17 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010.08.28 21:31:13 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:17 | 000,079,410 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[2009.12.05 12:22:56 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\burnaware.ini
[2009.10.12 10:11:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.09.23 09:56:46 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009.09.06 18:45:23 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[2009.09.06 18:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2009.09.06 18:03:53 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[2009.09.06 18:03:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspprefq.ini
[2009.09.06 15:15:35 | 000,237,056 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 18:53:00 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\fusioncache.dat
[2009.08.14 13:50:14 | 000,000,254 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.14 13:50:13 | 000,006,855 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009.08.14 13:49:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DATA.INI
[2009.08.14 11:17:17 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2009.08.14 11:17:16 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2009.08.13 20:27:09 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009.08.13 19:54:05 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.13 19:46:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009.08.13 19:40:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2004.06.02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.01.18 04:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.06 01:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.03.31 21:00:00 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\sysadt.dll
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :files >
 
< C:\Windows\System32\*.tmp >
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
< C:\Windows\*.tmp >
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
< End of report >
         