Remove WhenU!!
Thread is closed!
#0
05.01.2007, 19:29
...new here
Posts: 10
06.01.2007, 02:06
Honorary member
Posts: 29434
#2
GCCDirk
»» Scan, then set everything that was found to remove and post the scan report here: http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security
06.01.2007, 14:00
...new here
Thread starter
Posts: 10
#3
Spyware Scan Details
Start Date: 06.01.2007 12:07:21
End Date: 06.01.2007 13:54:37
Total Time: 1 hrs 47 mins 16 secs

Detected spyware

eDonkey2000 P2P Program
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object

Plus18Point Hijacker
Details: Displays Advertising and changes internet explorer browser settings.
Status: Deleted
Infected files detected
c:\windows\system32\iehelper.dll

Trojan-Downloader.Zlob.Media-Codec Trojan Downloader
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\dirk\favoriten\online security test.url

Zango.SearchAssistant Adware (General)
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted
Infected files detected
c:\programme\mozilla firefox\plugins\npclntax.dll

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id

IST.ISTbar Hijacker
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never

WhenU.WhenUSearch Low Risk Adware
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id

WindUpdates.MediaGateway Adware (General)
Details: WindUpdates.MediaGateway is an adware application that displays advertising on the desktop, usually pop-ups.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} rsp 455F9AFAA7F87E8C8BE2F61074ECE010123D1631

Cookie: ad.yieldmanager Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\dirk\cookies\dirk@ad.yieldmanager[1].txt
09.01.2007, 17:48
...new here
Thread starter
Posts: 10
#4
Was that it?? Or can I still do something??
Sorry if I'm being too impatient
09.01.2007, 23:58
Honorary member
Posts: 29434
#5
CounterSpy has wiped out WhenU.Save and other junk.
You can also run an online scan with Panda and post the scan report here: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
10.01.2007, 22:15
...new here
Thread starter
Posts: 10
#6
| Incident | Status | Location |
|---|---|---|
| | | C:\Dokumente und Einstellungen\Dirk\Cookies\dirk@toplist[1].txt |
| Spyware:Cookie/2o7 | Not disinfected | C:\Dokumente und Einstellungen\Katja.MYPC\Cookies\katja@2o7[1].txt |
| Spyware:Cookie/Falkag | Not disinfected | C:\Dokumente und Einstellungen\Katja.MYPC\Cookies\katja@as1.falkag[1].txt |
| Spyware:Cookie/Atlas DMT | Not disinfected | C:\Dokumente und Einstellungen\Katja.MYPC\Cookies\katja@atdmt[2].txt |
| Spyware:Cookie/Doubleclick | Not disinfected | C:\Dokumente und Einstellungen\Katja.MYPC\Cookies\katja@doubleclick[1].txt |
| Spyware:Cookie/Mediaplex | Not disinfected | C:\Dokumente und Einstellungen\Katja.MYPC\Cookies\katja@mediaplex[1].txt |
| Potentially unwanted tool:Application/Processor | Not disinfected | D:\Download\SmitfraudFix.zip[SmitfraudFix/Process.exe] |
| Potentially unwanted tool:Application/Processor | Not disinfected | D:\HijackThis\Ad-Fix\Ad-Fix\Process.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | D:\HijackThis\Ad-Fix.zip[Ad-Fix/Process.exe] |
11.01.2007, 10:35
Honorary member
Posts: 29434
#7
Everything is OK again.
The cookies are not important, and Application/Processor are removal tools. Does your virus scanner still find anything from WhenU?
__________
Regards, Sabina
all about PC security
11.01.2007, 17:20
...new here
Thread starter
Posts: 10

Happy New Year, first of all.
WhenU has become active on my machine. When the PC started, a blue window appeared at the bottom right; it said something about M3Developer_WhenU etc.
Bitdefender then blocked Internet access for this thing.
After that I ran CleanUp, and since then the window no longer appears.
Could someone please check whether I am rid of the thing?? Thanks!!
Logfile of HijackThis v1.99.1
Scan saved at 17:02:21, on 05.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TCMCOM~1\MouseDrv.exe
C:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\cFos\cFosDNT.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~2\bdswitch.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\progra~1\softwin\bitdef~2\bdnagent.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ARCORO~1\Arcor.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Dirk\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cipro.de/home.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cipro.de/home.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cipro.de/home.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cipro.de/home.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cipro.de/home.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cipro.de/home.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.cipro.de/home.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMCOM~1\MouseDrv.exe
O4 - HKLM\..\Run: [TCMKeyboard ] C:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programme\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~2\bdswitch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~2\bdnagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Arcor Online] C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmesde.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Trennen - {1FB507B3-841F-4ed4-BED8-E11F0E5E47A1} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/262f0dc2d007c8745305/netzip/RdxIE601_de.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122095085843
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Programme\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: MySql - Unknown owner - //Wwwciprode/server_cipro/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Dirk - 07-01-05 17:22:37,53 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Dirk\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))
2007-01-04 21:02 <DIR> d-------- C:\Programme\WAV to MP3 Encoder
2007-01-01 14:25 <DIR> d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Sony
2007-01-01 14:22 <DIR> d-------- C:\Programme\Sony Setup
2006-12-27 13:46 160,824 --a------ C:\WINDOWS\Wave@MP3 Uninstaller.exe
2006-12-27 13:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\River Past
2006-12-27 13:46 <DIR> d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\River Past G5
2006-12-27 13:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\River Past G5
2006-12-23 14:19 <DIR> d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Teleca
2006-12-23 14:18 <DIR> d-------- C:\Programme\Sony Ericsson
2006-12-23 14:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2006-12-23 14:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Documents
2006-12-23 14:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2006-12-23 14:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2006-12-23 14:16 <DIR> d-------- C:\Programme\Disc2Phone
2006-12-23 14:11 85,408 -ra------ C:\WINDOWS\system32\drivers\w810mgmt.sys
2006-12-23 14:10 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
2006-12-23 14:10 83,344 -ra------ C:\WINDOWS\system32\drivers\w810obex.sys
2006-12-23 14:10 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
2006-12-23 14:10 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
2006-12-23 14:10 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
2006-12-23 14:09 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
2006-12-23 14:09 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
2006-12-23 14:09 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
2006-12-23 08:58 <DIR> d-------- C:\Programme\Microangelo Toolset 6
2006-12-20 21:08 196,608 --a------ C:\WINDOWS\system32\DartSecureFtp.dll
2006-12-20 21:08 196,608 --a------ C:\WINDOWS\system32\DartSecure2.dll
2006-12-20 21:08 155,648 --a------ C:\WINDOWS\system32\DartCertificate.dll
2006-12-19 20:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
2006-12-17 10:10 26,832 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2006-12-17 10:10 <DIR> d-------- C:\IDAPI
2006-12-17 09:31 81,920 --a------ C:\WINDOWS\system\BIVBX11.DLL
2006-12-17 09:31 495,392 --a------ C:\WINDOWS\system\VTSSDLL.DLL
2006-12-17 09:31 170,000 --a------ C:\WINDOWS\system\TUTILITY.DLL
2006-12-17 09:31 <DIR> d-------- C:\EGR
2006-12-17 09:26 247,296 --a------ C:\WINDOWS\UN160407.EXE
2006-12-17 09:26 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
2006-12-13 11:54 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-13 11:54 <DIR> d-------- C:\WINDOWS\system32\de-de
2006-12-13 11:52 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-13 11:51 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-13 11:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-09 21:04 11,520 -ra------ C:\WINDOWS\system32\drivers\WDMSTUB.sys
2006-12-09 20:23 7,296 -ra------ C:\WINDOWS\system32\drivers\grmnusb.sys
2006-12-09 20:23 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2006-12-09 20:23 17,024 -ra------ C:\WINDOWS\system32\drivers\grmngen.sys
2006-12-09 20:23 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2006-12-09 20:23 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2006-12-09 20:13 <DIR> d-------- C:\Garmin
2006-12-06 16:03 <DIR> d-------- C:\WINDOWS\system32\spoolprinter
2006-12-06 14:24 <DIR> d-------- C:\WINDOWS\alarm
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-05 17:25 -------- d-------- C:\Programme\cFos
2007-01-05 17:10 -------- d-------- C:\Programme\CleanUp!
2006-12-30 07:44 73728 --a------ C:\WINDOWS\system32\sockspy.dll
2006-12-30 07:42 77824 --a------ C:\WINDOWS\system32\xcomm.dll
2006-12-30 07:31 -------- d-------- C:\Programme\Gemeinsame Dateien\Softwin
2006-12-29 09:07 -------- d-------- C:\Programme\StarMoney 5.0
2006-12-29 09:00 -------- d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Skype
2006-12-27 13:46 -------- d-------- C:\Programme\River Past
2006-12-27 13:46 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-27 12:48 -------- d-------- C:\Programme\MSN Messenger
2006-12-13 12:09 -------- d-------- C:\Programme\Internet Explorer
2006-12-13 12:09 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-13 11:56 -------- d-------- C:\Programme\Outlook Express
2006-12-09 21:04 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-07 18:32 -------- d-------- C:\Programme\TomTom HOME
2006-12-07 17:57 -------- d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Yahoo!
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 16:48 -------- d-------- C:\Programme\Enigma Software Group
2006-12-05 23:04 -------- d-------- C:\Programme\Maguma Studio
2006-12-05 17:23 -------- d---s---- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Microsoft
2006-12-05 17:21 -------- d-------- C:\Programme\Microsoft ActiveSync
2006-12-04 10:58 82188 --a------ C:\WINDOWS\system32\zip.exe
2006-12-04 10:58 184320 --a------ C:\WINDOWS\system32\delnext.exe
2006-12-04 09:40 3234 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-03 21:27 598738 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\CleanUp!.log
2006-12-02 14:51 -------- d-------- C:\Programme\HP
2006-12-02 14:51 -------- d-------- C:\Programme\Gemeinsame Dateien\HP
2006-11-26 11:45 -------- d-------- C:\Programme\WISO
2006-11-26 11:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2006-11-18 09:32 -------- d-------- C:\Programme\CARDMAKE
2006-11-16 22:58 1190 --a------ C:\Programme\INSTALL.LOG
2006-11-16 22:57 64512 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2006-11-16 22:35 -------- d-------- C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\BitDefender
2006-11-16 21:56 -------- d-------- C:\Programme\ZOC5
2006-11-16 21:56 -------- d-------- C:\Programme\WinRAR
2006-11-16 21:56 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-16 21:56 -------- d-------- C:\Programme\appleJuice
2006-11-15 22:08 -------- d-------- C:\Programme\WinMX
2006-11-15 22:04 -------- d-------- C:\Programme\eDonkey2000
2006-11-13 19:36 -------- d-------- C:\Programme\Multimedia Card Reader
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 14:15 -------- d-------- C:\Programme\Yahoo!
2006-11-05 13:03 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 13:52 39550 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-11-01 13:52 2045 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\HPSU_48BitScanUpdate.log
2006-11-01 13:50 349 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2006-11-01 13:50 0 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2006-11-01 13:49 2714 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
2006-11-01 13:48 3104 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\PatchUpdate_InstantShareJPG.log
2006-11-01 13:46 3907 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log
2006-11-01 13:45 47717 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log
2006-11-01 13:44 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2006-10-27 15:34 38478 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
2006-10-27 15:32 38479 --a------ C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
2006-10-20 18:10 73216 --a------ C:\WINDOWS\cadkasdeinst01.exe
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Arcor Online"="C:\\PROGRA~1\\ARCORO~1\\Arcor.exe /inst_typ:2 /kunden_typ:bestand"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TCMMouse "="C:\\PROGRA~1\\TCMCOM~1\\MouseDrv.exe"
"TCMKeyboard "="C:\\PROGRA~1\\TCMCOM~1\\PS2USBKBDDrv.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LogonStudio"="\"C:\\Programme\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"cFosDNT"="C:\\Programme\\cFos\\cFosDNT.exe"
"HP Software Update"="C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe"
"Sunkist2k"="C:\\Programme\\Multimedia Card Reader\\shwicon2k.exe"
"BDMCon"="c:\\PROGRA~1\\softwin\\BITDEF~2\\bdmcon.exe"
"BDOESRV"="\"C:\\Programme\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDSwitchAgent"="\"C:\\PROGRA~1\\softwin\\BITDEF~2\\bdswitch.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
@=""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"BDNewsAgent"="\"C:\\PROGRA~1\\softwin\\BITDEF~2\\bdnagent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"="RUNDLL32.EXE C:\\WINDOWS\\system32\\sti_ci.dll,WiaCreateWizardMenu"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSetFolders"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"="rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Programme\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RoxioDragToDisc"="\"C:\\Programme\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"RoxioAudioCentral"="\"C:\\Programme\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"RoxioEngineUtility"="\"C:\\Programme\\Gemeinsame Dateien\\Roxio Shared\\System\\EngUtil.exe\""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F0136F19-72BD-4E20-B558-F4033E75E293}.job
Completion time: 07-01-05 17:25:43.32
C:\ComboFix.txt ... 07-01-05 17:25