| |
| |||||||
Log-Analyse und Auswertung: Nach Trojaner Desktop schwarz Programme und Dateien verschwundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.05.2011, 18:52
| #1 |
 |  Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Hall zusammen, habe ebenfalls das Problem: der Bildschirm wurde schwarz, dann verschwanden alle Desktop-Icons und es öffnete sich nach einigen suspekten Meldungen (Festplatte defekt, schwere Fehler im System) "Windows Recovery". Habe die in den anderen Threads beschriebenen Schritte durchgeführt: -Malware scan durchgeführt infizierte Dateien entfernt danach otl.exe ausgeführt und die beiden log-files erstellt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.05.2011 19:20:30 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Pradt\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 226,04 Gb Total Space | 155,76 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.19 19:19:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Pradt\Desktop\OTL.exe PRC - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe PRC - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe PRC - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe PRC - [2011.04.05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe PRC - [2009.08.24 15:44:54 | 000,471,040 | ---- | M] (SHI Elektronische Medien GmbH) -- C:\Programme\WEKA\Musterverträge 09.09\SHIWebOnDisk.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.05 15:30:34 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe PRC - [2007.10.05 15:30:26 | 000,410,864 | ---- | M] () -- C:\Programme\Dell 968 AIO Printer\memcard.exe PRC - [2007.10.05 15:30:18 | 000,455,920 | ---- | M] () -- C:\Programme\Dell 968 AIO Printer\dldomon.exe PRC - [2007.08.28 16:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe PRC - [2007.07.27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe PRC - [2007.07.20 18:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.06.26 20:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2007.06.06 17:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2007.04.16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe PRC - [2007.02.21 13:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007.02.21 13:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007.02.21 13:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007.02.21 13:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007.01.31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2006.11.05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 13:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe PRC - [2006.11.05 13:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe PRC - [2006.11.05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2006.11.02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe PRC - [2006.10.03 13:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2006.08.17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe ========== Modules (SafeList) ========== MOD - [2011.05.19 19:19:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2011.04.08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2011.04.14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.04.14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2010.10.07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2008.10.09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2008.06.13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008.04.10 15:58:58 | 000,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHMLDCS.EXE -- (OKI OPHM DCS Loader) SRV - [2007.10.05 15:30:46 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService) SRV - [2007.10.05 15:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device) SRV - [2007.03.19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007.02.21 13:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007.01.31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.11.05 13:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2006.11.05 13:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9) SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.14 16:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2004.10.22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.04.14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.04.14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011.04.14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.04.14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.04.14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp) DRV - [2011.04.14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk) DRV - [2011.04.14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.04.14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2011.04.14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2011.04.14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.11.08 11:55:18 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.08.25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec) DRV - [2008.08.25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt) DRV - [2008.08.25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec) DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007.08.28 16:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.08.28 16:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.06.06 17:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007.05.09 01:05:36 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.05.08 23:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2007.05.08 23:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.05.08 23:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.05.08 23:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.04.23 23:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007.04.23 23:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007.04.23 23:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007.02.25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2007.02.21 13:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007.01.11 21:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.01.11 21:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2006.12.04 23:33:34 | 000,149,123 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.12.04 23:33:34 | 000,047,907 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2006.12.04 23:33:32 | 000,329,901 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006.11.02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02) DRV - [2006.10.05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006.08.18 15:18:06 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006.08.18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006.08.18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.08.18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.08.18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.08.18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.08.18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.08.18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.08.11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006.08.11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2006.05.24 20:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2006.05.24 20:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.05.24 20:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.05.24 20:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006.05.24 20:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005.08.12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2004.08.04 16:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 16:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1071121 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1071121 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1071121 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/hws/sb/dell-row/de/side.html?channel=de-smb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2011.05.19 09:26:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.15 22:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.02 21:36:43 | 000,000,000 | ---D | M] [2011.03.31 11:33:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\extensions [2010.01.27 21:32:51 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.10 21:51:12 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.31 11:33:50 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.03.31 11:33:49 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\extensions\engine@conduit.com [2010.05.12 18:40:48 | 000,001,042 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\searchplugins\icqplugin.xml [2010.10.26 19:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.19 16:20:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.26 19:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2009.07.14 18:00:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2009.06.25 17:06:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009.07.14 18:00:26 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2009.07.14 18:00:26 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2009.07.14 18:00:26 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2009.07.14 18:00:27 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2009.07.14 18:00:27 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.01.11 13:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2009.07.14 18:00:38 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.14 18:00:38 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.19 08:50:01 | 000,002,047 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml [2009.07.14 18:00:38 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.14 18:00:38 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.16 11:26:15 | 000,000,844 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.0.5 server O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110515223224.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll (facemoods.com) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Programme\Dell 968 AIO Printer\fm3032.exe () O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [dldomon.exe] C:\Programme\Dell 968 AIO Printer\dldomon.exe () O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MemoryCardManager] C:\Programme\Dell 968 AIO Printer\memcard.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe () O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [extensionx.exe] File not found O4 - HKCU..\Run: [Tordvd] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: 1und1.de ([kundenshop] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: simyo.de ([www] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell - "" = AutoRun O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\Install.exe O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell - "" = AutoRun O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell - "" = AutoRun O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell - "" = AutoRun O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.19 19:19:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.19 19:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee [2011.05.19 18:53:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2011.05.19 13:44:39 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2011.05.19 13:44:39 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2011.05.19 11:56:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pradt\Eigene Dateien\Simply Super Software [2011.05.19 11:56:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover [2011.05.19 11:56:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2011.05.19 11:56:39 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011.05.19 11:56:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software [2011.05.19 11:56:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2011.05.19 11:56:08 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Dokumente und Einstellungen\***\Desktop\trjsetup682.exe [2011.05.19 11:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Identities [2011.05.19 11:50:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2011.05.19 11:49:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2011.05.19 08:54:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.19 08:54:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.05.19 08:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.05.19 08:54:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.19 08:50:00 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com [2011.05.19 07:25:33 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2011.05.19 00:24:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows XP Recovery [2011.05.11 12:32:58 | 000,000,000 | ---D | C] -- C:\fec7a554ecec8c7e77469fdf5c5e5b [2011.04.21 19:42:43 | 000,000,000 | ---D | C] -- C:\UserData [2011.04.21 19:33:34 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys [2011.04.21 19:33:34 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys [2011.04.21 19:33:34 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys [2011.04.21 19:33:34 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys [2011.04.21 19:33:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\1&1 Surf-Stick [2011.04.21 19:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB [2011.04.21 19:33:11 | 000,000,000 | ---D | C] -- C:\Programme\1&1 Surf-Stick [2008.10.28 11:39:19 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll [2007.10.05 15:30:36 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe [2007.10.05 15:30:34 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe [2007.10.05 15:30:32 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe [2007.09.10 20:50:23 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll [2007.09.10 20:46:53 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll [2007.09.10 20:43:34 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll [2007.09.10 20:43:26 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll [2007.09.10 20:43:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll [2007.09.10 20:41:48 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll [2007.09.10 20:41:09 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll [2007.09.10 20:40:22 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll [2007.09.10 20:38:56 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll [2007.09.10 20:36:26 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.19 19:19:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.19 19:13:49 | 000,055,493 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2011.05.19 19:13:41 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.05.19 19:13:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.19 19:13:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.19 19:13:12 | 3756,191,744 | -HS- | M] () -- C:\hiberfil.sys [2011.05.19 19:09:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.05.19 18:54:22 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.19 18:53:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2011.05.19 12:22:51 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.05.19 11:56:43 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2011.05.19 11:56:23 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Dokumente und Einstellungen\***\Desktop\trjsetup682.exe [2011.05.19 07:04:14 | 000,055,493 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2011.05.19 00:24:47 | 000,000,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18013988 [2011.05.19 00:24:44 | 000,000,829 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Windows XP Recovery.lnk [2011.05.17 09:47:58 | 002,059,245 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ARN_110126_VdS Prüfbericht Sprinkler (behördl ).pdf [2011.05.13 14:39:00 | 000,493,630 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SCAN2223_000.pdf [2011.05.12 15:34:54 | 001,509,127 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Arn206_Feuerwehrbewegungsflächen_Fotos.pdf [2011.05.06 18:17:00 | 006,823,310 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Attachments.zip [2011.05.02 09:32:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.19 11:56:43 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2011.05.19 11:56:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011.05.19 11:56:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2011.05.19 11:56:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011.05.19 11:56:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2011.05.19 08:54:18 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.19 00:24:47 | 000,000,040 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18013988 [2011.05.19 00:24:44 | 000,000,829 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Windows XP Recovery.lnk [2011.05.17 09:47:58 | 002,059,245 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ARN_110126_VdS Prüfbericht Sprinkler (behördl ).pdf [2011.05.13 14:39:00 | 000,493,630 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SCAN2223_000.pdf [2011.05.12 13:39:49 | 001,509,127 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Arn206_Feuerwehrbewegungsflächen_Fotos.pdf [2011.05.06 18:17:00 | 006,823,310 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Attachments.zip [2011.04.21 19:42:43 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2011.03.13 12:15:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.06 11:01:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.03.22 22:30:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.12.23 20:48:52 | 000,002,528 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2009.12.03 14:32:28 | 000,000,149 | ---- | C] () -- C:\WINDOWS\bg_info.ini [2009.11.13 12:06:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\vrm.ini [2009.11.13 11:25:52 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS [2008.10.28 11:47:36 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008.10.28 11:47:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\021F96F940.sys [2008.10.28 11:39:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll [2008.10.28 11:38:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll [2008.10.28 11:38:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL [2008.10.28 11:38:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL [2008.10.28 11:38:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL [2008.10.28 11:37:26 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\dldocoin.dll [2008.07.14 21:19:20 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.07.14 21:19:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2008.01.07 22:54:52 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2008.01.07 22:54:52 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2008.01.07 22:54:52 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2008.01.07 22:54:52 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2008.01.07 22:54:52 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2008.01.07 22:54:52 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2008.01.07 22:54:52 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2008.01.07 22:54:52 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2008.01.07 22:54:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2008.01.07 22:54:52 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2008.01.07 22:54:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2008.01.07 22:54:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2008.01.07 22:54:52 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2008.01.07 22:54:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2008.01.07 22:54:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2008.01.07 22:54:52 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2008.01.07 22:54:52 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2008.01.07 22:54:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2008.01.07 22:54:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007.12.10 22:35:43 | 000,001,142 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.12.10 22:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.11.26 23:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DSLTEST.INI [2007.11.26 22:42:28 | 000,017,408 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.26 21:02:55 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007.11.21 00:06:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.11.20 23:52:40 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2007.11.20 23:46:23 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2007.11.20 23:46:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.11.20 23:41:04 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin [2007.11.20 23:39:59 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2007.11.20 23:18:31 | 000,055,493 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2007.11.20 23:11:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe [2007.11.20 23:11:17 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007.11.20 23:10:35 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007.11.20 23:10:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.11.20 23:10:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.11.20 23:10:34 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin [2007.11.20 23:10:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.11.20 23:10:33 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.11.20 23:10:33 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007.11.20 23:10:31 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007.11.20 23:10:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007.11.20 23:09:32 | 000,001,501 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007.09.19 04:14:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll [2007.09.19 04:14:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll [2007.09.19 04:14:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll [2007.09.19 04:07:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll [2007.09.06 22:40:36 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll [2007.09.05 05:52:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll [2007.09.05 05:52:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll [2007.09.05 05:51:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll [2007.09.05 05:51:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll [2007.09.05 05:50:36 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll [2007.08.31 20:51:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll [2007.08.01 10:15:51 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll [2007.06.14 22:45:05 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll [2006.11.07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe [2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006.08.01 07:53:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll [2006.05.24 20:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2004.08.13 15:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 14:59:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004.08.13 14:52:23 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.13 14:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 14:47:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.08.13 14:46:51 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.08.13 14:40:54 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004.08.13 14:40:54 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004.08.13 14:40:54 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004.08.13 14:40:54 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004.08.13 14:40:54 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004.08.13 14:40:53 | 000,521,836 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.13 14:40:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.13 14:40:53 | 000,110,578 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.13 14:40:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.13 14:40:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.13 14:40:39 | 000,492,860 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.13 14:40:39 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.13 14:40:39 | 000,090,880 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.13 14:40:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.13 14:40:37 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.13 14:40:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.13 14:40:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.08.13 14:40:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.13 14:40:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.13 14:40:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.13 14:40:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001.11.14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2008.10.28 11:38:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\968 Series [2010.01.04 13:09:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2008.01.15 16:52:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bentley [2011.01.11 19:16:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2008.08.17 11:39:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2011.03.10 21:51:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.11.16 11:27:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPHM [2009.11.13 11:31:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SHI [2011.05.19 11:56:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2007.11.20 23:54:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft [2009.02.10 23:30:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.11.26 16:47:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\968 Series [2008.12.16 10:25:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk [2008.01.15 16:52:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bentley [2011.01.09 14:09:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buse [2011.01.11 19:17:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2011.05.19 11:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2009.12.23 20:49:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoPal Assistant [2011.05.18 19:50:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ [2011.05.13 10:21:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong [2011.05.19 11:56:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software [2011.01.14 17:24:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer [2007.11.26 22:39:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\tmp [2011.03.09 21:08:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Twainwin [2011.01.09 14:09:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Usylyp [2010.09.22 21:44:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vShare [2010.12.30 14:33:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wyirow [2010.12.23 10:48:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ywryo ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > und die extra-log-file:OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.05.2011 19:20:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 226,04 Gb Total Space | 155,76 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Dell\MediaDirect\PCMService.exe" = C:\Programme\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\WINDOWS\system32\dldocoms.exe" = C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System -- ( )
"C:\Programme\Dell 968 AIO Printer\dldomon.exe" = C:\Programme\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Programme\Dell 968 AIO Printer\dldoaiox.exe" = C:\Programme\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe -- ()
"C:\Programme\Dell 968 AIO Printer\dldoafcn.exe" = C:\Programme\Dell 968 AIO Printer\dldoafcn.exe:*:Enabled: -- ()
"C:\Programme\Dell 968 AIO Printer\DLDOFax.exe" = C:\Programme\Dell 968 AIO Printer\DLDOFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Programme\Forum Verlag\VOB2009CD-ROM\EasyBrowse2K2.exe" = C:\Programme\Forum Verlag\VOB2009CD-ROM\EasyBrowse2K2.exe:*:Enabled:EB.2go -- (EasyBrowse® GmbH)
"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Dokumente und Einstellungen\Rettung\Desktop\Facemoods.exe" = C:\Dokumente und Einstellungen\Rettung\Desktop\Facemoods.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = AT-AR215 USB ADSL MODEM
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8935F3E5-B07C-4753-ACB4-E519BBAE0820}" = Bentley View XM Edition 08.09.04.51
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core
"{90F60407-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - German
"{910939B7-A39D-56D5-DC41-745F69338F8D}" = PO-VIDEO-PLAYER
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F1883AF-32C6-4E3A-92FF-D5D84CD565E0}" = Formex
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Bauleiterhandbuch - Vorlagen 4.0" = Bauleiterhandbuch - Vorlagen 4.0
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"conduitEngine" = Conduit Engine
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"CSCLIB" = Canon Camera Support Core Library
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ElsterFormular für Unternehmer 12.0.0.5880u" = ElsterFormular für Unternehmer
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"facemoods" = Facemoods Toolbar
"Feurio" = Feurio! CD-Writer
"FreePDF_XP" = FreePDF XP (Remove only)
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0047
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PRJPROR" = Microsoft Office Project Professional 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spyware Doctor" = Spyware Doctor 6.0
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Dell Touchpad
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Veetle TV" = Veetle TV 0.9.16
"vShare" = vShare Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WEKA MUSTERVERTR_GE UND _BRIEFE NACH HOAI UND VOB 09_09" = WEKA Musterverträge und -briefe nach HOAI und VOB 09.09
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VOB 2009 und BGB am Bau - Stand Januar 2010" = VOB 2009 und BGB am Bau - Stand Januar 2010
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.04.2011 06:52:55 | Computer Name = *** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 08.05.2011 01:39:43 | Computer Name = *** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 08.05.2011 01:39:43 | Computer Name = *** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 15.05.2011 05:21:58 | Computer Name = *** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 15.05.2011 05:21:59 | Computer Name = *** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
[ OSession Events ]
Error - 12.12.2007 14:47:42 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2007 18:58:40 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09.01.2008 14:51:48 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.01.2008 15:35:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3056
seconds with 300 seconds of active time. This session ended with a crash.
Error - 06.02.2008 15:45:37 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.03.2008 16:12:42 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 567
seconds with 60 seconds of active time. This session ended with a crash.
Error - 04.05.2008 04:08:26 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.03.2010 12:15:12 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 9, Application Name: Microsoft Office Project, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32955
seconds with 9300 seconds of active time. This session ended with a crash.
Error - 28.03.2011 03:36:17 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8202
seconds with 1140 seconds of active time. This session ended with a crash.
Error - 28.03.2011 03:43:08 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 404
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.05.2011 07:04:39 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 19.05.2011 12:32:24 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "General Purpose USB Driver (adildr.sys)" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2
Error - 19.05.2011 12:32:24 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst dldoCATSCustConnectService.
Error - 19.05.2011 12:32:24 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dldoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 19.05.2011 12:35:05 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{209500FC-6B45-4693-8871-6296C4843751}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 19.05.2011 13:13:33 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "General Purpose USB Driver (adildr.sys)" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2
Error - 19.05.2011 13:13:33 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst dldoCATSCustConnectService.
Error - 19.05.2011 13:13:33 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dldoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 19.05.2011 13:16:13 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{209500FC-6B45-4693-8871-6296C4843751}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 19.05.2011 13:16:16 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
--- --- --- habe nun noch unhide.exe ausgeführt, symbole sind wieder da. anbei noch die malware-log: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: 6618 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19.05.2011 19:11:35 mbam-log-2011-05-19 (19-11-35).txt Scan type: Quick scan Objects scanned: 197265 Time elapsed: 12 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 3 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7306058E-58E2-82F4-D8EC-B0F338D3C1B0} (Trojan.ZbotR.Gen) -> Value: {7306058E-58E2-82F4-D8EC-B0F338D3C1B0} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3C8AA886-3BA2-B7BC-4597-D5C09A44129C} (Trojan.ZbotR.Gen) -> Value: {3C8AA886-3BA2-B7BC-4597-D5C09A44129C} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DQMiuyMNARayQk (Rogue.Agent.SA) -> Value: DQMiuyMNARayQk -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
19.05.2011, 19:24
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Nach Trojaner Desktop schwarz Programme und Dateien verschwundenZitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
19.05.2011, 23:27
| #3 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden jetzt der komplette:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: 6618 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.05.2011 00:18:23 mbam-log-2011-05-20 (00-18-23).txt Scan type: Full scan (C:\|) Objects scanned: 368738 Time elapsed: 2 hour(s), 13 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\dokumente und einstellungen\***\anwendungsdaten\sun\java\deployment\cache\6.0\12\3fe8dd0c-2c2a248f (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully. |
|
20.05.2011, 08:20
| #4 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Hallo nochmal, anbei neuester scan, muessen jetzt noch weitere schritte erfolgen? Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: 6618 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.05.2011 02:52:36 mbam-log-2011-05-20 (02-52-36).txt Scan type: Full scan (C:\|) Objects scanned: 369741 Time elapsed: 2 hour(s), 6 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
20.05.2011, 09:33
| #5 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden ah okay, habe soeben festgestellt, dass die Programmordner im Startmenü wieder hergestellt wurden sich aber keine Dateien in den Ordnern befinden. Also werden noch weitere schritte notwendig sein. |
|
20.05.2011, 09:48
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [extensionx.exe] File not found
O4 - HKCU..\Run: [Tordvd] File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell - "" = AutoRun
O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell - "" = AutoRun
O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell - "" = AutoRun
O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell - "" = AutoRun
O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.05.19 00:24:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows XP Recovery
[2011.05.11 12:32:58 | 000,000,000 | ---D | C] -- C:\fec7a554ecec8c7e77469fdf5c5e5b
[2011.05.19 00:24:47 | 000,000,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18013988
[2011.05.19 00:24:44 | 000,000,829 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Windows XP Recovery.lnk
[2011.05.13 10:21:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2007.11.26 22:39:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\tmp
[2011.01.09 14:09:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Usylyp
[2010.12.30 14:33:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wyirow
[2010.12.23 10:48:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ywryo
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Nach Trojaner Desktop schwarz Programme und Dateien verschwunden |
|
20.05.2011, 10:08
| #7 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden So nun der OTL-log ========== OTL ========== Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\extensionx.exe deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tordvd deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500d4d2e-6c3d-11e0-af55-001dd9e7fa2d}\ not found. File E:\Install.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78e3c80e-1b21-11df-aba0-001dd9e7fa2d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c200a96b-7a43-11df-ac8e-001dd9e7fa2d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5b45c32-01d2-11df-ab4e-001dd9e7fa2d}\ not found. File E:\AutoRun.exe not found. Folder C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows XP Recovery\ not found. C:\fec7a554ecec8c7e77469fdf5c5e5b folder moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18013988 moved successfully. File C:\Dokumente und Einstellungen\***\Desktop\Windows XP Recovery.lnk not found. Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong\ not found. Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\tmp\ not found. Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\Usylyp\ not found. Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wyirow\ not found. Folder C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ywryo\ not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP  FC5A2B2 deleted successfully.========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.22.3 log created on 05202011_110703 |
|
20.05.2011, 10:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.05.2011, 10:31
| #9 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden der tdsskiller lässt sich nicht starten. Download war erfolgreich, aber nach doppeklick erfolgt keine ausführung. |
|
20.05.2011, 10:35
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Dann bitte jetzt CF ausführen, den tdsskiller probieren wir danach nochmal. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.05.2011, 10:38
| #11 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden stelle gerade fest das sich mcafee noch im hintergrund befindet und sich nicht deaktiverien lässt. |
|
20.05.2011, 10:39
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden Dann muss McAfee deinstalliert werden. Ein Virenscanner kann wieder rauf, wenn wir durch sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.05.2011, 11:26
| #13 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden ComboFix-Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-19.01 - *** 20.05.2011 11:57:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3582.3136 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\***\Anwendungsdaten\facemoods.com
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\***\WINDOWS
c:\dokumente und einstellungen\Rettung\Anwendungsdaten\facemoods.com
C:\extensionx.exe
c:\extensionx.exe\config.bin
c:\programme\facemoods.com
c:\programme\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoods.crx
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoods.png
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodsApp.dll
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodsEng.dll
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
c:\programme\facemoods.com\facemoods\1.4.17.9\uninstall.exe
c:\programme\Internet Explorer\complete.dat
c:\programme\Internet Explorer\dmlconf.dat
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-20 bis 2011-05-20 ))))))))))))))))))))))))))))))
.
.
2011-05-20 09:07 . 2011-05-20 09:07 -------- d-----w- C:\_OTL
2011-05-19 11:44 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-19 11:44 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-19 09:52 . 2011-05-19 09:52 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Identities
2011-05-19 09:50 . 2011-05-19 09:50 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2011-05-19 06:54 -------- d-----w- c:\dokumente und einstellungen\Rettung\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 06:54 . 2011-05-19 06:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2011-05-19 16:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-05-18 23:13 . 2011-05-18 23:13 -------- d-----w- c:\dokumente und einstellungen\Rettung\Lokale Einstellungen\Anwendungsdaten\Conduit
2011-05-18 23:13 . 2011-05-18 23:15 -------- d-----w- c:\dokumente und einstellungen\Rettung\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2011-04-21 17:42 . 2011-04-21 17:42 -------- d-----w- C:\UserData
2011-04-21 17:33 . 2009-10-29 17:28 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-04-21 17:33 . 2011-04-21 17:33 -------- d-----w- c:\windows\system32\SupportAppCB
2011-04-21 17:33 . 2011-04-21 17:34 -------- d-----w- c:\programme\1&1 Surf-Stick
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 18:30 . 2011-03-31 17:23 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33 . 2004-08-13 12:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-13 12:40 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-13 12:40 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2004-08-13 12:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2004-08-13 12:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2004-08-13 12:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-13 12:40 385024 ----a-w- c:\windows\system32\html.iec
2009-07-14 16:00 . 2007-12-10 20:04 67688 ----a-w- c:\programme\mozilla firefox\components\jar50.dll
2009-07-14 16:00 . 2007-12-10 20:04 54368 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2009-07-14 16:00 . 2007-12-10 20:04 34944 ----a-w- c:\programme\mozilla firefox\components\myspell.dll
2009-07-14 16:00 . 2007-12-10 20:04 46712 ----a-w- c:\programme\mozilla firefox\components\spellchk.dll
2009-07-14 16:00 . 2007-12-10 20:04 172136 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54 175912 ----a-w- c:\programme\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"DELL Webcam Manager"="c:\programme\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Logitech Hardware Abstraction Layer"="c:\programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\programme\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"dldomon.exe"="c:\programme\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\programme\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\programme\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"SHIWebOnDiskManager"="c:\programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" [2009-08-24 233472]
"UIExec"="c:\programme\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Forum Verlag\\VOB2009CD-ROM\\EasyBrowse2K2.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ7.4\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Dokumente und Einstellungen\\Rettung\\Desktop\\Facemoods.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [19.07.2009 16:20 247096]
R2 UI Assistant Service;UI Assistant Service;c:\programme\1&1 Surf-Stick\AssistantServices.exe [21.04.2011 19:33 253264]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [05.10.2007 15:30 99568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.02.2010 16:35 135664]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.02.2010 16:35 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [21.04.2011 19:33 9216]
S3 OKI OPHM DCS Loader;OKI OPHM DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHMLDCS.EXE [29.04.2009 11:42 24576]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [10.02.2009 23:24 356920]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-04 14:35]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-04 14:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe
Trusted Zone: 1und1.de\kundenshop
Trusted Zone: simyo.de\www
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=MicroStation Resource
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\programme\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
HKLM-Run-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
AddRemove-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.9\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-20 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-05-20 12:14:58
ComboFix-quarantined-files.txt 2011-05-20 10:14
.
Vor Suchlauf: 19 Verzeichnis(se), 168.641.425.408 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 172.943.478.784 Bytes frei
.
- - End Of File - - 59A3035E0EEAE3B24552710E941D664D
|
|
20.05.2011, 11:29
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner Desktop schwarz Programme und Dateien verschwundenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.05.2011, 11:32
| #15 |
| | Nach Trojaner Desktop schwarz Programme und Dateien verschwunden bei durchführung von combofix war keine internetverbindung aktiv. konnte deswegen kein download der software durchführen. |
|
| Themen zu Nach Trojaner Desktop schwarz Programme und Dateien verschwunden |
| 0x00000001, 32-bit, adobe, alternate, bildschirm, canon, conduit, dateien verschwunden, desktop, disabletaskmgr, einstellungen, error, fehler, festplatte, firefox, format, infizierte dateien, kunde, microsoft office 2003, microsoft office word, mozilla, object, office 2007, oldtimer, phishing, plug-in, problem, pum.hidden.desktop, registry, searchplugins, senden, shell32.dll, shortcut, siteadvisor, software, spyware, super, system, tracker, trojan.fakems.gen, trojan.zbotr.gen, trojaner, windows, windows internet |
Linear-Darstellung
