Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.07.2010, 19:21   #1
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Hallo zusammen!

ich hatte mir Anfang der Woche die beiden o.g. Schädlinge eingepfangen, welche ich meiner Meinung nach mit der Systemwiederherstellung entfernt habe. Da ich mir aber nicht sicher bin, wende ich mich hier an euch Experten

Entdeckt habe ich die beiden dadurch, dass mein Antivir nicht mehr funktioniert hat und beim AntimalMalware Doktor ganz offensichtlich durch die Software.

Nach einigen Suchläufen mit Ad Aware, Antivir und Malwarebytes haben ich keinen Schädling finden können. System läuft auch einwandfrei. Ich habe schon einiges zu den beiden Trojanern gelesen. Die Frage, die sich mir gestellt hat, war nur, ob ich genauso vorgehen kann, wie in den anderen Threats beschrieben?

Ich möchte natürlich verhindern, dass System aufsetzen zu müssen, da das bekanntlich mit einiger Arbeit verbunden ist.

Danke schon mal
Beste Grüße Sören

Alt 29.07.2010, 12:04   #2
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung





EIn System zu Bereinigen ist nicht weniger Arbeit. Problem noch aktuell ?
__________________

__________________

Alt 29.07.2010, 19:04   #3
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Meine Frage ist noch aktuell, da ich es wie gesagt verhindern möchte den PC neu aufzusetzen, wenns möglich ist.

Wenn du Tipps für mich hast, meld dich bitte
__________________

Alt 29.07.2010, 20:27   #4
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Ich frage das nur, weil sich manche darauf auch nicht mehr melden


Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.
  • Speichere die Datei am Desktop.
  • Doppelklick auf die load.exe
  • Belasse die Häckchen wie sie sind.
  • Schließe nun alle offenen Programme.
  • Klicke auf Download
  • Bitte während dem Download nicht in das Fenster klicken.
  • Folge den Anweisungen auf dem Bildschirm.
  • Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 29.07.2010, 22:56   #5
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Hi

erstmal Respekt was ihr hier für ein Aufwand betreibt um uns Hilflosen zu helfen. Sogar eigene Hilfsprogramme werden entworfen

Ich habe alle Punkte der Reihe nach bearbeitet. Bei dem Tool GMER
gab es jedoch Probleme, obwohl ich alles nach Anleitung befolgt habe.

Fehlermeldung war folgende:

gmer funktioniert nicht mehr.
Das Pragramm wird aufgrund eines Problems nicht richtig ausgeführt.
Das Programm wird geschlossen.

Aufgetreten ist der Fehler nicht direkt bei Klick auf Scan sondern nach ca. 2 min bei dem Suchpfad \Device\Harddisk\VlumeShadowCopy1

Habe versucht danach versucht das Programm neu zu starten und prompt einen Bluescreen erhalten. Nach einem System-Neustart und erneutem Ausführen ist er dann wieder an der selben Stelle hängen geblieben (diesmal habe ich es nicht noch mal probiert )

Die restlichen LOGS siehe unten
Ich hoffe ich habe nichts vergessen...


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4367

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29.07.2010 21:49:17
mbam-log-2010-07-29 (21-49-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127948
Laufzeit: 7 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


Alt 29.07.2010, 22:57   #6
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



OTL

Code:
ATTFilter
OTL logfile created on: 29.07.2010 22:17:28 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Irina\Desktop\MFTools
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 144,43 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IRINA-PC
Current User Name: Irina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.29 21:27:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\MFTools\OTL.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.08.14 16:47:12 | 000,237,984 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.08.13 19:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.08.13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.03 06:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.07 10:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.07 10:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.07 10:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.09.07 10:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.08.28 07:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.07.27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.07.25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.07.25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.05.23 22:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007.03.28 21:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 21:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2007.03.21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.08 17:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006.11.03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.29 21:27:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\MFTools\OTL.exe
MOD - [2009.11.27 22:40:43 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.09.25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 08:28:22 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 08:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 08:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007.06.23 13:57:18 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxscrll.dll
MOD - [2007.03.28 21:59:10 | 002,953,216 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\farchns.dll
MOD - [2007.03.28 21:14:34 | 000,296,960 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\infra.dll
MOD - [2006.06.15 20:40:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxcomm.dll
MOD - [2006.06.15 20:40:26 | 000,065,536 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxhooks.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.12 10:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.14 16:47:12 | 000,237,984 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.08.13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.07.25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.07.25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007.03.21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.16 17:13:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.03.14 02:17:20 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.03.14 02:17:20 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.03.14 02:17:20 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.28 08:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.09.28 08:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.09.07 11:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.09.07 10:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.07 08:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.07 08:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.07 08:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.08.28 07:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.08.28 07:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.08.13 11:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.06.01 15:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007.05.24 18:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007.03.28 21:15:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006.11.07 03:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006.11.07 01:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006.11.07 01:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 22:16:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 18:32:02 | 000,000,000 | ---D | M]
 
[2010.04.16 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions
[2010.04.16 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.07.29 20:21:27 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions
[2010.07.22 23:22:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.29 20:21:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.23 11:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.27 18:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 02:28:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0;  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\RED Flourish.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\RED Flourish.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fa61275-34e7-11de-a17c-001f3ae0760e}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.29 21:40:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.29 21:39:25 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.07.29 21:29:06 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.29 21:27:32 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\MFTools
[2010.07.27 18:52:44 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.07.27 18:52:44 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.07.27 18:52:44 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.07.27 18:52:44 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.07.27 18:52:33 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.27 18:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.07.27 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Malwarebytes
[2010.07.27 00:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.27 00:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.27 00:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.27 00:01:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.26 23:40:08 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.07.26 23:40:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.26 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Local\Sunbelt Software
[2010.07.26 20:14:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010.07.26 20:13:37 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.07.26 20:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.26 14:09:50 | 000,000,000 | ---D | C] -- C:\Programme\MP3Gain
[2010.07.26 12:37:51 | 000,000,000 | ---D | C] -- C:\Programme\Mp3GainPRO
[2010.07.23 09:22:42 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\QuickScan
[2010.07.23 09:01:34 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\D77E2CF9C834CCB9C126BED6B917AC0A
[2010.07.23 01:45:22 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.07.23 00:56:36 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 10:32:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.05.19 20:41:17 | 000,000,000 | --SD | C] -- C:\Users\Irina\Documents\Notes
[2010.05.03 20:42:32 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\VSO
[2010.05.03 20:42:17 | 000,000,000 | ---D | C] -- C:\Programme\VSO
[2010.05.03 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.05.03 20:32:03 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.29 22:18:20 | 003,145,728 | -HS- | M] () -- C:\Users\Irina\ntuser.dat
[2010.07.29 22:13:23 | 000,066,419 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\nvModes.001
[2010.07.29 22:13:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.29 22:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 22:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 22:12:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.29 22:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.29 22:12:47 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.29 22:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.29 22:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TM.blf
[2010.07.29 22:11:16 | 000,004,745 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.29 22:11:07 | 002,028,182 | -H-- | M] () -- C:\Users\Irina\AppData\Local\IconCache.db
[2010.07.29 22:11:03 | 001,259,008 | ---- | M] () -- C:\Users\Irina\Desktop\Unbenanntes Dokument.wps
[2010.07.29 22:11:03 | 000,006,614 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\wklnhst.dat
[2010.07.29 22:08:46 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.29 22:08:46 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 22:08:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.29 22:08:46 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 22:08:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.29 22:07:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.29 22:03:57 | 291,421,489 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.29 21:39:26 | 000,000,735 | ---- | M] () -- C:\Users\Irina\Desktop\NTREGOPT.lnk
[2010.07.29 21:39:26 | 000,000,716 | ---- | M] () -- C:\Users\Irina\Desktop\ERUNT.lnk
[2010.07.29 21:27:37 | 000,284,915 | ---- | M] () -- C:\Users\Irina\Desktop\Gmer.zip
[2010.07.29 21:26:20 | 000,410,626 | ---- | M] () -- C:\Users\Irina\Desktop\Load.exe
[2010.07.27 18:53:05 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.27 18:24:52 | 000,000,806 | ---- | M] () -- C:\Users\Irina\Desktop\CCleaner.lnk
[2010.07.26 23:40:45 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:40:05 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.26 23:37:30 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.26 23:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:24:35 | 000,065,536 | -HS- | M] () -- C:\Users\Irina\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.23 11:08:35 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.23 09:12:27 | 000,002,804 | ---- | M] () -- C:\zrpt.xml
[2010.07.23 00:56:30 | 000,001,034 | ---- | M] () -- C:\Users\Irina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.21 11:47:33 | 000,039,936 | ---- | M] () -- C:\Users\Irina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.07.12 10:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.07.07 22:31:35 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.12 12:33:09 | 000,295,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.15 22:53:43 | 000,000,680 | ---- | M] () -- C:\Users\Irina\AppData\Local\d3d9caps.dat
[2010.05.03 20:42:21 | 000,000,977 | ---- | M] () -- C:\Users\Irina\Desktop\Digital Frame Wizard.lnk
[2010.05.03 20:42:21 | 000,000,915 | ---- | M] () -- C:\Users\Irina\Desktop\VSO Image Resizer.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.29 22:11:03 | 001,259,008 | ---- | C] () -- C:\Users\Irina\Desktop\Unbenanntes Dokument.wps
[2010.07.29 22:03:57 | 291,421,489 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.29 21:50:41 | 000,293,376 | ---- | C] () -- C:\Users\Irina\Desktop\gmer.exe
[2010.07.29 21:39:26 | 000,000,735 | ---- | C] () -- C:\Users\Irina\Desktop\NTREGOPT.lnk
[2010.07.29 21:39:26 | 000,000,716 | ---- | C] () -- C:\Users\Irina\Desktop\ERUNT.lnk
[2010.07.29 21:27:36 | 000,284,915 | ---- | C] () -- C:\Users\Irina\Desktop\Gmer.zip
[2010.07.29 21:26:07 | 000,410,626 | ---- | C] () -- C:\Users\Irina\Desktop\Load.exe
[2010.07.27 19:24:50 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.07.27 18:53:05 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.26 23:37:30 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.26 23:27:17 | 000,524,288 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:27:17 | 000,524,288 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 23:27:17 | 000,065,536 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TM.blf
[2010.07.26 23:27:05 | 2145,452,032 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.23 09:12:27 | 000,002,804 | ---- | C] () -- C:\zrpt.xml
[2010.07.23 00:56:23 | 000,001,034 | ---- | C] () -- C:\Users\Irina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.05.03 20:42:21 | 000,000,977 | ---- | C] () -- C:\Users\Irina\Desktop\Digital Frame Wizard.lnk
[2010.05.03 20:42:21 | 000,000,915 | ---- | C] () -- C:\Users\Irina\Desktop\VSO Image Resizer.lnk
[2010.02.13 15:52:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.13 15:52:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.09.24 18:08:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.18 21:50:14 | 000,000,024 | ---- | C] () -- C:\Windows\druckstdu_starten.INI
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.06.25 14:59:08 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.06.20 20:54:50 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.05.04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2008.03.14 02:17:59 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.03.14 02:17:58 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.03.13 18:35:40 | 000,131,070 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.07.23 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\D77E2CF9C834CCB9C126BED6B917AC0A
[2010.07.23 00:56:36 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.13 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\ICQ
[2008.07.08 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\InfraRecorder
[2010.02.13 16:06:55 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\PC Suite
[2010.07.23 09:24:35 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\QuickScan
[2010.02.13 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\Samsung
[2008.03.21 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\Template
[2008.03.22 19:57:21 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\tmp
[2010.04.16 18:29:51 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\TomTom
[2008.06.25 14:58:41 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\TuneUp Software
[2010.01.04 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\VistaCodecs
[2010.06.30 12:14:21 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\VSO
[2010.07.29 22:11:16 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.07.29 22:12:46 | 000,001,924 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.03.14 02:18:10 | 000,004,693 | RH-- | M] () -- C:\dell.sdr
[2010.07.29 22:12:47 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.29 22:12:46 | 2459,258,880 | -HS- | M] () -- C:\pagefile.sys
[2008.12.27 09:09:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.12.28 13:57:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.12.29 21:19:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009.01.01 16:56:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009.02.21 08:56:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009.04.10 14:02:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009.06.10 22:12:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009.06.11 18:31:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009.06.14 21:35:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009.06.15 11:01:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009.06.15 11:08:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009.06.18 22:33:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009.06.21 19:38:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009.07.15 13:54:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009.07.17 18:58:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009.07.18 18:12:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009.07.18 22:07:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009.07.19 02:48:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008.12.21 15:00:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008.12.25 20:04:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008.12.27 09:09:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.12.28 13:57:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.12.29 21:19:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009.01.01 16:56:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009.02.21 08:56:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009.04.10 14:02:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009.06.10 22:12:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009.06.11 18:31:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009.06.14 21:35:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009.06.15 11:01:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009.06.15 11:08:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009.06.18 22:33:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009.06.21 19:38:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009.07.15 13:54:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009.07.17 18:58:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009.07.18 18:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009.07.18 22:07:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009.07.19 02:48:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008.12.21 15:00:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008.12.25 20:04:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010.07.23 09:12:27 | 000,002,804 | ---- | M] () -- C:\zrpt.xml
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.12.05 14:03:41 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.04.16 07:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8V.DLL
[2007.04.16 07:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8V.DLL
[2006.11.02 14:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.11.08 14:28:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-29 14:01:57
< End of report >
         

Alt 29.07.2010, 22:58   #7
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Extras

Code:
ATTFilter
OTL Extras logfile created on: 29.07.2010 22:17:28 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Irina\Desktop\MFTools
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 144,43 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IRINA-PC
Current User Name: Irina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2508178559-692223191-2566507525-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09826091-63B6-496F-ADCF-2F1B76CB94E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F8A9ECA-2C50-436D-AE5F-DE1F9F2264DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{10B65983-E01E-488B-87D5-6B11AE553EEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4FC515F7-8B54-4A33-A7E1-04908ADBBBCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{850B81FF-72B2-4B5A-850A-522C6F65E894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{970BD90C-488C-454B-93E2-4FD6832DB79D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A49AED4F-68D5-4BBC-AC83-3B95DF487B1B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB446952-88CF-4536-BC4C-408DDAF3A43E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B28E1F40-3C05-4349-AC65-35B6D4B78BEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C871735F-02D5-41D0-AF1E-73CD05AD590A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DC0A0DDD-F5F5-4E05-B910-2667208AFAD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E64413AB-0779-4227-B8B1-8DBCEB0D037E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19473C4A-60A1-4CE5-822C-C9E8E6A2C5DE}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{1D77DFC0-9EB8-4656-A65A-FAFC29299E7E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{202D012A-ADEE-4BB7-8B95-9A41F78EF21B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2B2A55BD-AA37-4F3A-80D5-55CF2CA3BD56}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3AC31D4B-EEEC-4923-A70C-B80C682DFB53}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{40213129-E4AC-4DB1-B753-6ED289B2FFEB}" = protocol=17 | dir=in | app=c:\program files\swapper\swapper.exe | 
"{58529334-C9A4-485E-886E-BCC5884DDEE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6A6F36F6-23E7-4290-9FBB-9E5B3835E708}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{777023FB-E5D7-43AE-B741-A581EEF976D3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8F622EA9-1A8B-4D3D-BFA0-169A77E71B8F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{948C923D-302E-41D4-8757-B819FD209A14}" = protocol=6 | dir=in | app=c:\program files\swapper\swapper.exe | 
"{95CCA03F-2028-4AC2-95A1-66B05EF07657}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{9663B0C1-E7C8-42F7-8FC0-B42B097F784E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A5DC83A0-6968-4179-BD4B-D855EE4C6372}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{A8AEA01E-6868-42FE-8140-A3C054F3B215}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E422E8BF-ABB1-4F4E-B1AA-5A23277A3735}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{E89AD78A-3D6C-40F5-A68B-0B47925426BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F91D2B16-8BA0-4C2D-982B-15DC30A52A84}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0DA4773A-90F6-4C1F-B1BE-72C08A8E35AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{416E4240-03F9-40C0-A754-E821932D1A54}C:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe | 
"TCP Query User{66444FDD-F54D-43CA-8137-0D6A5FDEBC40}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{8F44820C-F947-41A6-BD76-8ABE3B6AC191}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3C1FB100-E51D-4F27-B34F-DFE05AA9F4C5}C:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe | 
"UDP Query User{6BC16AA2-4296-4A8B-9995-D02C4D71A0E8}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{B5B949C4-E3F9-48B7-B6B8-3155C28ABC9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FEAC4B98-9A7B-4F45-8254-B7CD3CD15BEA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series" = Canon iP3500 series
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP3500 series Benutzerregistrierung" = Canon iP3500 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"dm Fotowelt" = dm Fotowelt
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2009 08:09:51 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.12.2009 11:01:14 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.12.2009 14:45:52 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.12.2009 15:45:24 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x12b4, Anwendungsstartzeit 01ca8663e73105ac.
 
Error - 26.12.2009 15:45:36 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x390, Anwendungsstartzeit 01ca8663fd4405ec.
 
Error - 26.12.2009 15:45:54 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf10, Anwendungsstartzeit 01ca866407a2230c.
 
Error - 27.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.12.2009 14:45:47 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 20.05.2008 13:16:20 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.05.2008 13:17:40 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.05.2008 13:18:09 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 30.09.2008 13:11:41 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.10.2008 08:44:42 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 03.12.2008 14:46:22 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.12.2008 15:02:57 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.12.2008 10:25:31 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 31.12.2008 13:17:28 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 16.09.2009 12:53:18 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
[ System Events ]
Error - 26.07.2010 17:31:02 | Computer Name = Irina-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.87.146.0

	Ladende
 Modulversion: 1.1.5902.0
 
Error - 26.07.2010 17:38:00 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.07.2010 12:33:26 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.07.2010 12:53:18 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.07.2010 12:53:19 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2010 13:01:17 | Computer Name = Irina-PC | Source = Print | ID = 6161
Description = Das Dokument FreeMail von WEB.DE im Besitz von Irina konnte nicht 
auf dem Drucker Canon iP3500 series gedruckt werden. Versuchen Sie erneut, das Dokument
 zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 1.008. Größe
 der Spooldatei in Bytes: 34112. Anzahl der gedruckten Bytes: 34004. Gesamtanzahl
 der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\IRINA-PC.
 Vom Druckprozessor zurückgegebener Win32-Fehlercode: 0. Der Vorgang wurde erfolgreich
 beendet.  
 
Error - 29.07.2010 16:04:05 | Computer Name = Irina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.07.2010 um 22:02:14 unerwartet heruntergefahren.
 
 
< End of report >
         
Sorry für die vielen Posts aber hat nicht alles in eine Nachricht gepasst...

Alt 29.07.2010, 23:16   #8
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Alle Tools werden von Kollegen in ihrer Freizeit geschrieben

Schritt 1

Deinstalliere
Ad-Aware (schrott)
DVDVideoSoftTB[/b] Toolbar (adware)


Schritt 2
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
[2010.07.23 01:45:22 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.05.03 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.07.23 09:12:27 | 000,002,804 | ---- | M] () -- C:\zrpt.xml
:services
:files
C:\sqmdata*.sqm
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**



  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte poste in Deiner nächsten Antwort
OTLFix Log
ComboFix.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 30.07.2010, 00:01   #9
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Anbei die LOGs


OTL
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Folder C:\Programme\DVDVideoSoftTB\ not found.
C:\Programme\Conduit\Community Alerts folder moved successfully.
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.
C:\zrpt.xml moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Irina
->Temp folder emptied: 193662 bytes
->Temporary Internet Files folder emptied: 442096 bytes
->Java cache emptied: 1313 bytes
->FireFox cache emptied: 34853610 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 719 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 34,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07292010_233146

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Combofix

Code:
ATTFilter
ComboFix 10-07-29.01 - Irina 29.07.2010  23:43:21.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.2045.1189 [GMT 2:00]
ausgeführt von:: c:\users\Irina\Desktop\Combo-Fix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Irina\AppData\Roaming\D77E2CF9C834CCB9C126BED6B917AC0A
c:\users\Irina\AppData\Roaming\D77E2CF9C834CCB9C126BED6B917AC0A\enemies-names.txt

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-28 bis 2010-07-29  ))))))))))))))))))))))))))))))
.

2010-07-29 21:50 . 2010-07-29 21:50	--------	d-----w-	c:\users\Irina\AppData\Local\temp
2010-07-29 21:50 . 2010-07-29 21:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-29 19:39 . 2010-07-29 19:39	--------	d-----w-	c:\program files\ERUNT
2010-07-29 19:29 . 2010-07-29 19:29	--------	d-----w-	c:\program files\7-Zip
2010-07-27 16:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-07-27 16:52 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-07-27 16:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-07-27 16:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-07-27 16:52 . 2010-07-27 16:52	--------	d-----w-	c:\programdata\Avira
2010-07-27 16:52 . 2010-07-27 16:52	--------	d-----w-	c:\program files\Avira
2010-07-27 09:17 . 2010-07-27 09:17	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-26 22:02 . 2010-07-26 22:02	--------	d-----w-	c:\users\Irina\AppData\Roaming\Malwarebytes
2010-07-26 22:01 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 22:01 . 2010-07-26 22:01	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-26 22:01 . 2010-07-26 22:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-26 22:01 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-26 21:40 . 2010-07-26 21:40	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-07-26 18:15 . 2010-07-26 18:15	--------	d-----w-	c:\users\Irina\AppData\Local\Sunbelt Software
2010-07-26 18:13 . 2010-07-29 21:29	--------	d-----w-	c:\program files\Lavasoft
2010-07-26 18:13 . 2010-07-29 21:29	--------	d-----w-	c:\programdata\Lavasoft
2010-07-26 12:09 . 2010-07-26 12:16	--------	d-----w-	c:\program files\MP3Gain
2010-07-26 10:37 . 2010-07-26 11:49	--------	d-----w-	c:\program files\Mp3GainPRO
2010-07-23 09:12 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-23 07:22 . 2010-07-23 07:24	--------	d-----w-	c:\users\Irina\AppData\Roaming\QuickScan
2010-07-22 22:56 . 2010-07-22 22:56	--------	d-----w-	c:\users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 21:32 . 2008-03-13 16:25	4745	----a-w-	c:\windows\bthservsdp.dat
2010-07-29 21:31 . 2010-05-03 18:32	--------	d-----w-	c:\program files\Conduit
2010-07-29 21:31 . 2010-05-03 18:32	--------	d-----w-	c:\program files\softonic-de3
2010-07-29 20:45 . 2008-03-21 18:50	6614	----a-w-	c:\users\Irina\AppData\Roaming\wklnhst.dat
2010-07-29 20:08 . 2006-11-02 15:48	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-07-29 20:08 . 2006-11-02 15:48	126260	----a-w-	c:\windows\system32\perfc007.dat
2010-07-27 16:24 . 2010-04-09 16:44	--------	d-----w-	c:\program files\CCleaner
2010-07-27 16:22 . 2008-03-13 16:35	--------	d-----w-	c:\program files\Common Files\Java
2010-07-27 16:21 . 2008-03-13 16:35	--------	d-----w-	c:\program files\Java
2010-07-22 22:56 . 2010-01-04 13:25	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-07-22 22:56 . 2010-01-04 13:25	--------	d-----w-	c:\program files\DVDVideoSoft
2010-07-20 08:28 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-07 21:13 . 2008-03-27 16:10	--------	d-----w-	c:\programdata\Roxio
2010-06-30 10:14 . 2010-05-03 18:42	--------	d-----w-	c:\users\Irina\AppData\Roaming\VSO
2010-06-26 08:32 . 2010-06-26 08:32	--------	d-----w-	c:\program files\Microsoft.NET
2010-05-26 17:06 . 2010-06-11 10:09	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:09	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 10:49	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-15 20:53 . 2008-06-19 16:01	680	----a-w-	c:\users\Irina\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-11 10:09	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:09	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 10:09	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 10:09	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 10:09	2037248	----a-w-	c:\windows\system32\win32k.sys
2008-03-13 16:40 . 2008-03-13 16:40	76	--sh--r-	c:\windows\CT4CET.bin
2008-03-14 00:17 . 2008-03-13 23:59	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46	90112	----a-w-	c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59	172792	----a-w-	c:\program files\ICQ6.5\ICQ.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"ECenter"=c:\dell\E-Center\EULALauncher.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe"
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):66,26,13,a8,ab,75,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2508178559-692223191-2566507525-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca053ea7c67990;Google Update Service (gupdate1ca053ea7c67990);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 11:22]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 11:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Irina\AppData\Roaming\Mozilla\Firefox\Profiles\3gn4lhfx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKLM-Run-NPSStartup - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-29 23:50
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2010-07-29  23:54:01
ComboFix-quarantined-files.txt  2010-07-29 21:53

Vor Suchlauf: 12 Verzeichnis(se), 155.824.803.840 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 155.749.650.432 Bytes frei

- - End Of File - - 5B7106A9A2FBEE6E45188D8C87C08067
         

Alt 31.07.2010, 15:32   #10
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Schritt 1

Update bitte Malwarebytes und lass einen QuickScan laufen


Schritt 2

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button drücken.
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User: müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 3

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
MBAM Log
ESET Log
OTL.txt
Extras.txt
Berichte wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 31.07.2010, 19:11   #11
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Bei Eset wurden 2 Schädlinge gefunden!! Ich weiß aber nicht, ob die mit den ursprünglichen zu tun haben..

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=10d848eb1981914f88ca9847f9d29fa5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-31 04:17:58
# local_time=2010-07-31 06:17:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 294593 39682010 331935 0
# compatibility_mode=5892 16776573 100 100 0 118121772 0 0
# compatibility_mode=8192 67108863 100 0 112 112 0 0
# scanned=143922
# found=2
# cleaned=2
# scan_time=4161
C:\Program Files\VistaCodecPack\Tools\Settings32.exe	Win32/Packed.Autoit.Gen application (deleted - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi	Win32/Packed.Autoit.Gen application (deleted - quarantined)	00000000000000000000000000000000	C
         
Malwarebytes

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

31.07.2010 17:04:04
mbam-log-2010-07-31 (17-04-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130362
Laufzeit: 5 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL

Code:
ATTFilter
OTL logfile created on: 31.07.2010 18:54:31 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Irina\Desktop\MFTools
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 143,52 Gb Free Space | 65,16% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IRINA-PC
Current User Name: Irina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.29 21:27:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\MFTools\OTL.exe
PRC - [2010.07.22 00:56:48 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.08.14 16:48:06 | 000,106,904 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.08.14 16:47:12 | 000,237,984 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.08.13 19:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.08.13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.03 06:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.09.07 10:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.07 10:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.07 10:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.09.07 10:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.08.28 07:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.07.25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.07.25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.05.23 22:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007.04.04 03:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.03.28 21:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 21:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2007.03.21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.08 17:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006.11.03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.29 21:27:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\MFTools\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007.09.07 18:26:18 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\dadkeyb.dll
MOD - [2006.11.03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.14 16:47:12 | 000,237,984 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.08.13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.07.25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.07.25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007.03.21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Irina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.16 17:13:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.03.14 02:17:20 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.03.14 02:17:20 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.03.14 02:17:20 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.28 08:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.09.28 08:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.09.07 11:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.09.07 10:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.07 08:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.07 08:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.07 08:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.08.28 07:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.08.28 07:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.08.13 11:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.06.01 15:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007.05.24 18:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007.03.28 21:15:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006.11.07 03:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006.11.07 01:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006.11.07 01:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 22:16:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 18:32:02 | 000,000,000 | ---D | M]
 
[2010.04.16 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions
[2010.04.16 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.07.30 22:34:40 | 000,000,000 | ---D | M] -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions
[2010.07.22 23:22:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.29 23:34:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.29 23:34:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\3gn4lhfx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.30 22:34:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.23 11:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.27 18:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 02:28:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.29 23:50:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0;  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\RED Flourish.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\RED Flourish.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.31 17:06:45 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.07.29 23:54:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.07.29 23:54:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.07.29 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Local\temp
[2010.07.29 23:40:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.29 23:40:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.29 23:40:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.29 23:40:37 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.07.29 23:39:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.29 23:39:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.29 23:31:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.29 21:40:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.29 21:39:25 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.07.29 21:29:06 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.29 21:27:32 | 000,000,000 | ---D | C] -- C:\Users\Irina\Desktop\MFTools
[2010.07.27 18:52:44 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.07.27 18:52:44 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.07.27 18:52:44 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.07.27 18:52:44 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.07.27 18:52:33 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.27 18:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.07.27 18:21:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.27 18:21:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.27 18:21:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.27 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\Malwarebytes
[2010.07.27 00:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.27 00:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.27 00:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.27 00:01:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.26 23:40:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.26 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Local\Sunbelt Software
[2010.07.26 20:13:37 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.07.26 20:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.26 14:09:50 | 000,000,000 | ---D | C] -- C:\Programme\MP3Gain
[2010.07.26 12:37:51 | 000,000,000 | ---D | C] -- C:\Programme\Mp3GainPRO
[2010.07.23 11:12:11 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.23 09:22:42 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\QuickScan
[2010.07.23 00:56:36 | 000,000,000 | ---D | C] -- C:\Users\Irina\AppData\Roaming\DVDVideoSoftIEHelpers
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 18:54:44 | 003,407,872 | -HS- | M] () -- C:\Users\Irina\ntuser.dat
[2010.07.31 18:53:29 | 000,066,419 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\nvModes.001
[2010.07.31 18:38:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 18:38:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 18:07:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.31 17:06:25 | 002,672,312 | ---- | M] () -- C:\Users\Irina\Desktop\esetsmartinstaller_enu.exe
[2010.07.31 16:38:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.31 16:38:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.31 16:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.31 16:38:31 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.31 14:35:38 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.31 14:35:38 | 000,065,536 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TM.blf
[2010.07.31 14:35:23 | 000,004,745 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.30 19:56:16 | 002,341,194 | ---- | M] () -- C:\Users\Irina\Desktop\Foto060.jpg
[2010.07.30 07:42:51 | 002,030,856 | -H-- | M] () -- C:\Users\Irina\AppData\Local\IconCache.db
[2010.07.29 23:50:19 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.07.29 23:50:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.29 23:38:54 | 003,746,882 | R--- | M] () -- C:\Users\Irina\Desktop\Combo-Fix.exe
[2010.07.29 22:45:51 | 000,006,614 | ---- | M] () -- C:\Users\Irina\AppData\Roaming\wklnhst.dat
[2010.07.29 22:08:46 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.29 22:08:46 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 22:08:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.29 22:08:46 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 22:08:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.29 22:03:57 | 291,421,489 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.29 21:39:26 | 000,000,735 | ---- | M] () -- C:\Users\Irina\Desktop\NTREGOPT.lnk
[2010.07.29 21:39:26 | 000,000,716 | ---- | M] () -- C:\Users\Irina\Desktop\ERUNT.lnk
[2010.07.29 21:27:37 | 000,284,915 | ---- | M] () -- C:\Users\Irina\Desktop\Gmer.zip
[2010.07.29 21:26:20 | 000,410,626 | ---- | M] () -- C:\Users\Irina\Desktop\Load.exe
[2010.07.27 18:53:05 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.27 18:24:52 | 000,000,806 | ---- | M] () -- C:\Users\Irina\Desktop\CCleaner.lnk
[2010.07.26 23:40:45 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:40:05 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.26 23:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\Irina\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:24:35 | 000,065,536 | -HS- | M] () -- C:\Users\Irina\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.23 11:08:35 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.23 00:56:30 | 000,001,034 | ---- | M] () -- C:\Users\Irina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.21 11:47:33 | 000,039,936 | ---- | M] () -- C:\Users\Irina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.07 22:31:35 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.31 17:06:23 | 002,672,312 | ---- | C] () -- C:\Users\Irina\Desktop\esetsmartinstaller_enu.exe
[2010.07.30 19:42:17 | 002,341,194 | ---- | C] () -- C:\Users\Irina\Desktop\Foto060.jpg
[2010.07.29 23:40:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.29 23:40:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.29 23:40:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.29 23:40:43 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.29 23:40:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.29 23:38:49 | 003,746,882 | R--- | C] () -- C:\Users\Irina\Desktop\Combo-Fix.exe
[2010.07.29 22:03:57 | 291,421,489 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.29 21:50:41 | 000,293,376 | ---- | C] () -- C:\Users\Irina\Desktop\gmer.exe
[2010.07.29 21:39:26 | 000,000,735 | ---- | C] () -- C:\Users\Irina\Desktop\NTREGOPT.lnk
[2010.07.29 21:39:26 | 000,000,716 | ---- | C] () -- C:\Users\Irina\Desktop\ERUNT.lnk
[2010.07.29 21:27:36 | 000,284,915 | ---- | C] () -- C:\Users\Irina\Desktop\Gmer.zip
[2010.07.29 21:26:07 | 000,410,626 | ---- | C] () -- C:\Users\Irina\Desktop\Load.exe
[2010.07.27 18:53:05 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.07.26 23:27:17 | 000,524,288 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 23:27:17 | 000,524,288 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 23:27:17 | 000,065,536 | -HS- | C] () -- C:\Users\Irina\ntuser.dat{74459c4a-98fb-11df-9560-f9cbd8b4c2f6}.TM.blf
[2010.07.26 23:27:05 | 2145,452,032 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.23 00:56:23 | 000,001,034 | ---- | C] () -- C:\Users\Irina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.02.13 15:52:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.13 15:52:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.09.24 18:08:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.18 21:50:14 | 000,000,024 | ---- | C] () -- C:\Windows\druckstdu_starten.INI
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.06.25 14:59:08 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.06.20 20:54:50 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.05.04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2008.03.14 02:17:59 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.03.14 02:17:58 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.03.13 18:35:40 | 000,131,070 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >
         

Alt 31.07.2010, 19:12   #12
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Code:
ATTFilter
OTL Extras logfile created on: 31.07.2010 18:54:31 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Irina\Desktop\MFTools
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 143,52 Gb Free Space | 65,16% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IRINA-PC
Current User Name: Irina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2508178559-692223191-2566507525-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09826091-63B6-496F-ADCF-2F1B76CB94E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F8A9ECA-2C50-436D-AE5F-DE1F9F2264DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{10B65983-E01E-488B-87D5-6B11AE553EEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4FC515F7-8B54-4A33-A7E1-04908ADBBBCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{850B81FF-72B2-4B5A-850A-522C6F65E894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{970BD90C-488C-454B-93E2-4FD6832DB79D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A49AED4F-68D5-4BBC-AC83-3B95DF487B1B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB446952-88CF-4536-BC4C-408DDAF3A43E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B28E1F40-3C05-4349-AC65-35B6D4B78BEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C871735F-02D5-41D0-AF1E-73CD05AD590A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DC0A0DDD-F5F5-4E05-B910-2667208AFAD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E64413AB-0779-4227-B8B1-8DBCEB0D037E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19473C4A-60A1-4CE5-822C-C9E8E6A2C5DE}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{1D77DFC0-9EB8-4656-A65A-FAFC29299E7E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{202D012A-ADEE-4BB7-8B95-9A41F78EF21B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2B2A55BD-AA37-4F3A-80D5-55CF2CA3BD56}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3AC31D4B-EEEC-4923-A70C-B80C682DFB53}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{40213129-E4AC-4DB1-B753-6ED289B2FFEB}" = protocol=17 | dir=in | app=c:\program files\swapper\swapper.exe | 
"{58529334-C9A4-485E-886E-BCC5884DDEE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6A6F36F6-23E7-4290-9FBB-9E5B3835E708}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{777023FB-E5D7-43AE-B741-A581EEF976D3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8F622EA9-1A8B-4D3D-BFA0-169A77E71B8F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{948C923D-302E-41D4-8757-B819FD209A14}" = protocol=6 | dir=in | app=c:\program files\swapper\swapper.exe | 
"{95CCA03F-2028-4AC2-95A1-66B05EF07657}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{9663B0C1-E7C8-42F7-8FC0-B42B097F784E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A5DC83A0-6968-4179-BD4B-D855EE4C6372}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{A8AEA01E-6868-42FE-8140-A3C054F3B215}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E422E8BF-ABB1-4F4E-B1AA-5A23277A3735}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{E89AD78A-3D6C-40F5-A68B-0B47925426BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F91D2B16-8BA0-4C2D-982B-15DC30A52A84}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0DA4773A-90F6-4C1F-B1BE-72C08A8E35AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{416E4240-03F9-40C0-A754-E821932D1A54}C:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe | 
"TCP Query User{66444FDD-F54D-43CA-8137-0D6A5FDEBC40}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{8F44820C-F947-41A6-BD76-8ABE3B6AC191}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3C1FB100-E51D-4F27-B34F-DFE05AA9F4C5}C:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\irina\appdata\local\temp\rar$ex05.218\tftpd32.exe | 
"UDP Query User{6BC16AA2-4296-4A8B-9995-D02C4D71A0E8}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{B5B949C4-E3F9-48B7-B6B8-3155C28ABC9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FEAC4B98-9A7B-4F45-8254-B7CD3CD15BEA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series" = Canon iP3500 series
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP3500 series Benutzerregistrierung" = Canon iP3500 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"dm Fotowelt" = dm Fotowelt
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2009 08:09:51 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.12.2009 11:01:14 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.12.2009 14:45:52 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.12.2009 15:45:24 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x12b4, Anwendungsstartzeit 01ca8663e73105ac.
 
Error - 26.12.2009 15:45:36 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x390, Anwendungsstartzeit 01ca8663fd4405ec.
 
Error - 26.12.2009 15:45:54 | Computer Name = Irina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wkswp.exe, Version 9.7.613.0, Zeitstempel 0x466fad27,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf10, Anwendungsstartzeit 01ca866407a2230c.
 
Error - 27.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.12.2009 14:45:48 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.12.2009 14:45:47 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 20.05.2008 13:16:20 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.05.2008 13:17:40 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.05.2008 13:18:09 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 30.09.2008 13:11:41 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.10.2008 08:44:42 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 03.12.2008 14:46:22 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.12.2008 15:02:57 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.12.2008 10:25:31 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 31.12.2008 13:17:28 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 16.09.2009 12:53:18 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
[ System Events ]
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.07.2010 12:23:14 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.07.2010 12:33:26 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.07.2010 12:53:18 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.07.2010 12:53:19 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2010 13:01:17 | Computer Name = Irina-PC | Source = Print | ID = 6161
Description = Das Dokument FreeMail von WEB.DE im Besitz von Irina konnte nicht 
auf dem Drucker Canon iP3500 series gedruckt werden. Versuchen Sie erneut, das Dokument
 zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 1.008. Größe
 der Spooldatei in Bytes: 34112. Anzahl der gedruckten Bytes: 34004. Gesamtanzahl
 der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\IRINA-PC.
 Vom Druckprozessor zurückgegebener Win32-Fehlercode: 0. Der Vorgang wurde erfolgreich
 beendet.  
 
Error - 29.07.2010 16:04:05 | Computer Name = Irina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.07.2010 um 22:02:14 unerwartet heruntergefahren.
 
Error - 29.07.2010 17:42:13 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 29.07.2010 17:50:16 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         

Alt 31.07.2010, 21:03   #13
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Wie läuft der Rechner ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 31.07.2010, 21:38   #14
fox
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



der Rechner als solches läuft Fehlerfrei, ohne Auffälligkeiten...

Alt 31.07.2010, 22:03   #15
Larusso
/// Selecta Jahrusso
 
Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Standard

Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung



Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.


Schritt 3

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 4

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 5

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 6

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung
ad aware, anderen, anfang, anti, antivir, arbeit, aufsetzen, aware, eingefangen, entfernt, experten, frage, funktioniert, gen, hallo zusammen, malware, malwarebytes, natürlich, nicht mehr, nicht sicher, schädlinge, systemwiederherstellung, trojaner, trojanern, verhindern, win, woche, zusammen



Ähnliche Themen: Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung


  1. Anti Malware Doctor endgültig entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (68)
  2. Win32.Backdoor.Papras/A - Rechner infiziert; werde Trojaner nicht los
    Plagegeister aller Art und deren Bekämpfung - 08.02.2011 (13)
  3. Problem nach Anti-Malware Doctor: MEM:Rootkit.Win32.TDSS.fa
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (1)
  4. Probleme beim Online-Banking: Trojan.Win32.Generic!BT, Win32.Backdoor.Papras/A und andere...
    Log-Analyse und Auswertung - 06.11.2010 (19)
  5. win32.backdoor.papras a lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.10.2010 (7)
  6. ComboFix nach Win32.Backdoor.Papras/A
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (11)
  7. Win32.Backdoor.Papras/A / TR/Spy.Browse.A (Trojan) führt zu Grafikkartenproblemen?
    Log-Analyse und Auswertung - 07.10.2010 (38)
  8. BDS/Papras.PR Eingefangen (Backdoor)
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (1)
  9. Win32.Backdoor.Papras/A
    Plagegeister aller Art und deren Bekämpfung - 16.09.2010 (25)
  10. Infektion mit Anti Malware Doctor
    Log-Analyse und Auswertung - 05.08.2010 (1)
  11. Win32.Backdoor\Papras/A
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (6)
  12. Anti Malware Doctor Problem
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (36)
  13. Trojaner win32.backdoor.papras/a
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (31)
  14. Backdoor.Win32.Papras.HE
    Plagegeister aller Art und deren Bekämpfung - 24.06.2010 (11)
  15. Anti Malware Doctor erfolgreich entfernt?
    Log-Analyse und Auswertung - 18.06.2010 (30)
  16. Anti Malware Doctor auch bei mir zugeschlagen
    Plagegeister aller Art und deren Bekämpfung - 10.05.2010 (2)
  17. Anti Malware Doctor - komplett entfernt?
    Log-Analyse und Auswertung - 05.05.2010 (2)

Zum Thema Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung - Hallo zusammen! ich hatte mir Anfang der Woche die beiden o.g. Schädlinge eingepfangen, welche ich meiner Meinung nach mit der Systemwiederherstellung entfernt habe. Da ich mir aber nicht sicher bin, - Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung...
Archiv
Du betrachtest: Anti Malware Doctor & Win32.Backdoor.Papras/A eingefangen / Systemwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.