
Log Analysis and Evaluation: Backdoor program BDS/Papras.PK


08.09.2010, 18:42   #1
shawn77
 
Backdoor program BDS/Papras.PK



Hello!

For 2 days I have had the following problem:
When the PC starts, and when I open various programs (Firefox, volume control, ...), Avira Guard reports the backdoor program BDS/Papras.PK.

I ran the scans according to the instructions, so attached is first the Malwarebytes log file, followed by the two files from OTL.

Many thanks in advance for your help!


Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.09.2010 19:12:37
mbam-log-2010-09-08 (19-12-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133204
Laufzeit: 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\evenconv (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> No action taken.
         

OTL.txt:
Code:
OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PE-PC
Current User Name: Pe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E6D16E-BA14-4C00-A51F-D69CC1282D00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA12054-255B-4675-855C-B8ADB118ED28}" = rport=445 | protocol=6 | dir=out | app=system | 
"{11E5174A-5A0D-4BD1-9BC9-E826DA6C0478}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{125B846F-2101-4A50-8F26-37A3479FB677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3A6096E3-2922-4AE0-883D-6642A9A03A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6D71E92E-DABA-4DC4-83D2-8719CDE08AA0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70750F3B-3448-48B1-9DB9-B0ED70B2C4D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78FD3E14-2362-4D4C-AEE4-74673F6CC815}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9FDC462D-7DB6-4E5C-B53C-8F193CB5D2C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A0FD3061-C609-4F00-B7FB-A371F31E28B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 | 
"{A9A80D5C-8EE4-44A1-A999-C0BAB3A341DA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B09B0B89-8C7E-4D9C-9529-603F85994157}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B8F8E66C-5684-4567-AD38-39AEC6674B31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC71539D-F06F-486B-8E42-90C3C15059F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6411E97-379E-4756-B6D4-A3E6BD0D9698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC5B2DBC-C5FE-4950-A2C3-0AB7968B4B85}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC078192-AC23-478B-9A00-D6ADA5BD8818}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F173E37D-9EE0-49F1-A997-CE32016F6341}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FB0F2E-936B-48F4-A2F8-93F0179509C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E199D53-1461-443A-B546-91A82B9C1CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{368E942A-37BA-4582-BA5B-4A8FBA467FDE}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\klrun.exe | 
"{3A8BC496-8162-497A-A275-02024ED27205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B1CBA3B-FE39-48A2-BF6C-20A4A13A0B78}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | 
"{3EC0C517-3D3D-4541-9669-E6F808FF5707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43B1097B-D18B-4276-A417-A2F8A19557DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A906F26-EB50-4FE3-8E31-69F28A139D61}" = protocol=6 | dir=out | app=system | 
"{4F486D76-D356-4F96-A913-142F15D57F07}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{52B515D4-9CEA-4411-9748-775A416C667A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5909977D-D3E6-4757-BC9A-468D87D1E502}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{603044B3-1FDB-481D-9181-E4A20C626BDA}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kanat.exe | 
"{6334E7D3-B87D-44C8-8601-CF85BAFEEEAB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6AFC7A70-529B-4C1B-AF41-2D4139804A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8729FC4A-35FE-4AF7-9E88-52E41D5ACAE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{880B326B-CC8E-46B0-81C7-7866FD4A8B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8859E349-94BA-4055-9B08-8611EBD95AD2}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kanat.exe | 
"{8B55DE3D-5167-4204-BF33-2D1B9E0EEC97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E996FC1-0807-498D-B79B-3565D1DA3B79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8F7B47CB-7C00-4264-AC67-60352D7CB4BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91346376-126B-4BAE-A4E3-C6F7EFA07B47}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\klrun.exe | 
"{954944CA-1977-4D96-97CC-836E3738AED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9639EE0A-9A61-4617-8BB9-0CAAF62D6E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AC72E4F-F21C-4341-9239-D3ACD1C35C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A2B9C0CB-A8C8-42A0-8FEF-2A6C734DC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4366EBB-FE8D-4B07-9A4B-6F4F6CBDE7CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A6FAFD37-A377-43FE-A3B6-C3F65E7AAE82}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | 
"{C3311FD0-C555-499B-8680-DF889C89261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBFEFBA7-C830-4FB7-A514-F60DC01C5D80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{41F4B18F-58A2-40E5-BAF7-F6BFE1B06BB6}C:\program files\jeak.de\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | 
"TCP Query User{42853F57-1022-4984-A8FB-3FAC8F0E15C0}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"TCP Query User{575A1AAF-BBD9-42D3-87B6-8B890CA61805}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DC0CBDAF-07D0-4449-A9ED-EBA64F74F6D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EE82756B-D1C6-42FB-A393-449567705CAD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{470D66E6-F54C-4082-8C2C-134929FE0F52}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{836E3972-E9D2-41B0-B5FA-81C346037D41}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BECD820D-1EB2-48CE-AFC0-43DF9FD61037}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{CF010F13-C495-4792-A9A4-0B5CE19D2339}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"UDP Query User{F8F120C4-CE7A-4504-901D-51DCCF221648}C:\program files\jeak.de\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BAE V7.2" = BAE V7.2
"Bolzplatz 2006_is1" = Bolzplatz 2006, v1.0.3
"CCleaner" = CCleaner
"Collab" = Collab
"EroBottle" = EroBottle 4.6 
"FL Studio 8" = FL Studio 8
"Flatcast_is1" = Flatcast 5.0
"foobar2000" = foobar2000 v0.9.5.6
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.24567
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatheGrafix 8_is1" = MatheGrafix Version 8 (build 03)
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mixxx" = Mixxx
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NI Service Center" = NI Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = FLAC codecs
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)
"PoiZone" = PoiZone
"PSpice Student" = PSpice Student 9.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Solve Elec_is1" = Solve Elec 2.5
"TurboPlot_is1" = TurboPlot v3.7a
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EroBottle-Extensions-Editor Vers. 1.5" = EroBottle-Extensions-Editor Vers. 1.5
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2010 08:24:48 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = The program ICQ.exe, version 6.5.0.2024 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the "Problem Reports and Solutions" control panel.  Process ID: 888  Start time: 01ca976fdd0b976d  Termination time:
 18
 
Error - 17.01.2010 08:33:01 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 17.01.2010 14:22:37 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 19.01.2010 11:14:47 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Faulting application VCExpress.exe, version 9.0.30729.1, time stamp
 0x488f1715, faulting module TosBtShell.dll_unloaded, version 0.0.0.0, time stamp
 0x4574fe0c, exception code 0xc0000005, fault offset 0x0be74680,  process id 0x2c0, 
application start time 01ca99076ed4c427.
 
Error - 19.01.2010 19:04:20 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6002.18111, time stamp
 0x4aa91411, faulting module flvDX.dll, version 1.0.0.1, time stamp 0x445872ae,
 exception code 0xc000000d, fault offset 0x00025ed0,  process id 0x238, application start time
 01ca99599ff4df71.
 
Error - 21.01.2010 15:09:29 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 24.01.2010 08:25:37 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 1.9.1.3642 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the "Problem Reports and Solutions" control panel.  Process ID: fd4  Start time: 01ca9cefbe005834  Termination time:
 24
 
Error - 24.01.2010 08:25:59 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 1.9.1.3642 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the "Problem Reports and Solutions" control panel.  Process ID: cec  Start time: 01ca9cf0566d5734  Termination time:
 29
 
Error - 24.01.2010 09:34:19 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 1.9.1.3642 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the "Problem Reports and Solutions" control panel.  Process ID: f00  Start time: 01ca9cf064759094  Termination time:
 21
 
Error - 27.01.2010 08:33:58 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e01da5, faulting module SHELL32.dll, version 6.0.6002.18005, time stamp
 0x49e037ec, exception code 0xc0000005, fault offset 0x002d2c67,  process id 0x9fc, 
application start time 01ca9f4c519381af.
 
[ System Events ]
Error - 07.09.2010 15:08:43 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 11:59:15 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys could not be loaded.
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 12:47:04 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys could not be loaded.
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 13:14:20 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys could not be loaded.
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

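The "Vista Active Open Ports Exception List" and "Vista Active Application Exception List" sections of the Extras log above deserve a second look in any log review, because every line is a live Windows Firewall allow rule. The script below is an added example for this thread (it is not part of the original post and not OTL's own code). It parses lines in the `"{GUID}" = lport=… | protocol=… | dir=… | app=… |` format OTL prints and applies three generic triage heuristics: an inbound rule bound to neither an application nor a service, a rule whose only identifying name is an IP address rather than a program, and a rule whose allowed program lives in a user-writable location such as AppData or Temp. The first three sample lines are copied from the log above; the fourth is constructed to exercise the AppData check and does not describe this machine. The heuristics are review prompts, not a verdict on the poster's infection.

```python
import re
from ipaddress import ip_address

# Matches one OTL FirewallRules line:  "<rule id>" = k=v | k=v | ... |
RULE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# IANA protocol numbers as they appear in the registry values
PROTOCOLS = {"6": "TCP", "17": "UDP", "1": "ICMPv4", "58": "ICMPv6"}

# Path fragments that mark user-writable locations
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


def parse_rule(line):
    """Turn one OTL firewall-rule line into a dict; return None for non-rule lines."""
    m = RULE_LINE.match(line.strip())
    if not m:
        return None
    rule = {"id": m.group("name")}  # the GUID / "TCP Query User..." key
    for field in m.group("body").split("|"):
        field = field.strip()
        if "=" in field:
            key, _, value = field.partition("=")
            rule[key.strip().lower()] = value.strip()
    raw = rule.get("protocol", "")
    rule["protocol"] = PROTOCOLS.get(raw, raw or "?")
    return rule


def looks_like_ip(text):
    """True when the rule's display name is a bare IPv4/IPv6 address."""
    try:
        ip_address(text)
        return True
    except ValueError:
        return False


def triage(rule):
    """Return human-readable findings for one parsed rule (empty list = nothing odd)."""
    findings = []
    inbound = rule.get("dir") == "in"
    bound = rule.get("app") or rule.get("svc")
    port = rule.get("lport") or rule.get("rport") or "any"
    if inbound and not bound:
        findings.append(f"inbound {rule['protocol']} port {port} allowed for any process")
    if looks_like_ip(rule.get("name", "")):
        findings.append(f"rule is named after an IP address ({rule['name']}), not a program")
    app = rule.get("app", "").lower()
    if app and any(marker in app for marker in USER_WRITABLE):
        findings.append(f"allowed program lives in a user-writable path: {rule['app']}")
    return findings


def review(lines):
    """Parse every rule line; return {rule id: findings} for rules that raised any."""
    report = {}
    for line in lines:
        rule = parse_rule(line)
        if rule:
            hits = triage(rule)
            if hits:
                report[rule["id"]] = hits
    return report


# First three lines are taken from the OTL Extras log above; the last one is
# constructed for this example and does not describe any entry on the poster's machine.
SAMPLE_RULES = [
    '"{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 | ',
    '"{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system | ',
    '"{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\\program files\\utorrent\\utorrent.exe | ',
    '"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\\users\\pe\\appdata\\local\\temp\\example.exe | ',
]

if __name__ == "__main__":
    for rule_id, hits in review(SAMPLE_RULES).items():
        print(rule_id)
        for hit in hits:
            print("   -", hit)
```

Feed it the whole Extras.txt (`review(open("Extras.txt", encoding="utf-8", errors="replace"))`) and only the rules worth explaining come back; everything bound to `app=system`, a service, or a binary under Program Files stays quiet. A hit is a reason to ask where the rule came from, not proof of compromise: P2P clients and games create inbound rules legitimately.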
Alt 08.09.2010, 21:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Avira Guard reports the backdoor program BDS/Papras.PK
Always write down and post the exact malware names and file paths!

From the rules:

5. Describe your problem in a few sentences and work through this guide from step 2 onwards.
Please also name any detections by your security software in the thread (e.g. c:\windows\virus.exe).
If this information is missing, nobody here can or will help you.

Alt 08.09.2010, 22:03   #3
shawn77
 
Okay, sorry.

So, AntiVir outputs the following:

"In the file 'C:\Users\***\AppData\Local\Temp\DRWAanel.dll'
a virus or unwanted program 'BDS/Papras.PK' [backdoor] was found."


In addition, for a short while now an error message appears when the PC starts, saying that this very file (DRWAAnel.dll) could not be found!

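A detection in `%LOCALAPPDATA%\Temp` paired with a "file not found" message at start-up is the classic sign that the on-access scanner removed the DLL but the autostart entry that loaded it is still in place, typically a Run value carrying a `rundll32.exe <dll>,<export>` command line. The script below is an added example, not code from this thread or from any tool mentioned in it. It extracts the image path from Run-style command lines, including the rundll32 form, and flags entries whose target no longer exists on disk or sits in a user-writable Temp/AppData path. The sample entries are constructed for the example: the actual entry on the poster's machine is not shown in the thread, and the export name `Startup` and the Avira Run value are assumptions. On a Windows host `enumerate_run_keys()` reads the HKCU/HKLM Run and RunOnce keys through `winreg`; elsewhere it yields nothing, so the parsing logic runs against the constructed sample.

```python
import os
import re
import shlex
import sys

# Path fragments that mark user-writable locations
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\appdata\\roaming\\")

# rundll32.exe "<path>.dll",<Export>   or   rundll32 <path>.dll,<Export>
RUNDLL = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<target>"[^"]+"|[^,\s]+)',
    re.IGNORECASE,
)


def image_path(command):
    """Return the file that a Run-style command line actually loads."""
    m = RUNDLL.match(command)
    if m:
        return m.group("target").strip('"')
    # Ordinary command: the first token (quoted or not) is the executable
    try:
        tokens = shlex.split(command, posix=False)
    except ValueError:
        tokens = command.split()
    return tokens[0].strip('"') if tokens else ""


def assess(entry, exists=os.path.exists):
    """Flag one (key path, value name, command) entry. `exists` is injectable for offline checks."""
    _location, _name, command = entry
    target = image_path(command)
    findings = []
    if not target:
        return findings
    if not exists(target):
        findings.append("target missing on disk (orphaned autostart)")
    if any(marker in target.lower() for marker in TEMP_MARKERS):
        findings.append("target in a user-writable Temp/AppData path")
    return findings


def review_entries(entries, exists=os.path.exists):
    """Return {"<key>\\<value name>": findings} for entries that raised any."""
    report = {}
    for loc, name, cmd in entries:
        hits = assess((loc, name, cmd), exists)
        if hits:
            report[f"{loc}\\{name}"] = hits
    return report


def enumerate_run_keys():
    """Read Run/RunOnce values on Windows; yields (key path, value name, command)."""
    if sys.platform != "win32":
        return
    import winreg
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for label, root in roots.items():
        for sub in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                    r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                key = winreg.OpenKey(root, sub)
            except OSError:
                continue
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                yield f"{label}\\{sub}", name, str(value)
                i += 1


# Constructed sample entries for this example (not read from the poster's registry);
# the export name "Startup" and the Avira value are assumptions.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "DRWAanel",
     r'rundll32.exe "C:\Users\Pe\AppData\Local\Temp\DRWAanel.dll",Startup'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "avgnt",
     r'"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min'),
]
# Pretend only the Avira binary exists, to show the orphaned-entry case offline
SAMPLE_DISK = {r"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe"}

if __name__ == "__main__":
    entries = list(enumerate_run_keys()) or SAMPLE_ENTRIES
    exists = os.path.exists if sys.platform == "win32" else SAMPLE_DISK.__contains__
    for key, hits in review_entries(entries, exists).items():
        print(key)
        for hit in hits:
            print("   -", hit)
```

Run it as the same user whose profile shows the error, since HKCU is per user. Run and RunOnce are only the most common places; scheduled tasks, Winlogon notify entries and `AppInit_DLLs` can carry the same kind of reference, which is why the OTL custom scan later in the thread lists those areas as well.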
Alt 08.09.2010, 22:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
As a routine first step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Alt 09.09.2010, 00:15   #5
shawn77
 
Okay, so here is the log from the full scan with Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4573

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

09.09.2010 01:04:06
mbam-log-2010-09-09 (01-04-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 279656
Time elapsed: 1 hour(s), 50 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\masm32\examples\dialogs\calender\calender.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\masm32\examples\dialogs\tests\tests.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\masm32\examples\exampl05\qeplugin\qeplugin.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\masm32\examples\exampl06\regdemo\regdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\masm32\tools\makecimp\vcrtdemo\vcrtdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\masm32\tutorial\dlltute\dll\dlltute.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
         


Alt 09.09.2010, 11:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then I now need a new OTL log:

Custom scan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

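The `/md5start … /md5stop` block in the custom scan above makes OTL print the MD5 of a fixed list of system files (userinit.exe, winlogon.exe, atapi.sys and so on), because a changed hash on one of those files is a cheap way to spot a patched system binary or driver. The script below is an added example, not OTL's own code and not part of the thread: it does the same job in a reusable form, hashing the listed files with MD5 (to compare against OTL output or vendor-published values) and SHA-256, writing a JSON baseline, and diffing a later run against it so that changed, added or vanished files stand out. It resolves names against `System32` and `System32\drivers` under `%SystemRoot%`; on a non-Windows machine the lookup finds nothing, and the hashing and comparison functions can still be exercised with in-memory data.

```python
import hashlib
import json
import os
import sys

# The file names from the OTL custom-scan block above
WATCHED = """userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys
sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys
atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys
nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys
nvstor32.sys ahcix86s.sys""".split()


def digests(data):
    """MD5 (for comparison with OTL/vendor lists), SHA-256 and size of a byte string."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data)}


def locate(name, system_root=None):
    """Find a watched file in System32 or System32\\drivers; None if absent."""
    root = system_root or os.environ.get("SystemRoot", r"C:\Windows")
    for sub in ("System32", os.path.join("System32", "drivers")):
        candidate = os.path.join(root, sub, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def snapshot(names=WATCHED, system_root=None):
    """Hash every watched file that exists; result is keyed by full path."""
    result = {}
    for name in names:
        path = locate(name, system_root)
        if path:
            with open(path, "rb") as fh:
                result[path] = digests(fh.read())
    return result


def compare(baseline, current):
    """Classify paths as changed / added / missing between two snapshots."""
    changed = sorted(p for p in baseline
                     if p in current and baseline[p]["sha256"] != current[p]["sha256"])
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"changed": changed, "added": added, "missing": missing}


if __name__ == "__main__":
    # First run writes the baseline; later runs print the diff against it
    baseline_file = sys.argv[1] if len(sys.argv) > 1 else "system-hashes.json"
    now = snapshot()
    if os.path.isfile(baseline_file):
        with open(baseline_file) as fh:
            before = json.load(fh)
        print(json.dumps(compare(before, now), indent=2))
    else:
        with open(baseline_file, "w") as fh:
            json.dump(now, fh, indent=2)
        print(f"wrote baseline with {len(now)} files to {baseline_file}")
```

A baseline is only as trustworthy as the machine it was taken on, so take it from a known-clean install (or compare the MD5 values against the copies in the Windows servicing store or the vendor's published hashes) rather than from a system already under investigation; a changed hash after a Windows Update is expected, one without is not.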
Alt 09.09.2010, 12:22   #7
shawn77
 
So I have the OTL.txt, but when I run this scan the program does not produce an Extras.txt?

Here is the OTL.txt:

Code:
ATTFilter
OTL logfile created on: 09.09.2010 13:06:20 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 0,63 Gb Free Space | 0,60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PE-PC
Current User Name: Pe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Pe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Pe\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MSDTC) --  File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\Pe\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 12:28:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 12:28:34 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Extensions
[2010.09.08 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.08 01:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Pe\AppData\Roaming\lowsec
[2010.08.04 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\Apple Computer
[2010.08.04 20:23:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.08.04 20:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.04 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.08.04 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.07.28 03:36:06 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\frisur surfer
[2010.06.26 01:44:16 | 000,000,000 | ---D | C] -- C:\cd17054bb999cd88b41da75ac871
[2010.06.18 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.09 13:06:13 | 003,407,872 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT
[2010.09.09 12:43:07 | 000,012,884 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\nvModes.001
[2010.09.09 12:26:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 12:26:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 12:26:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.09 12:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.09 12:25:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.09 01:17:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.09 01:17:38 | 000,065,536 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.09 01:17:37 | 000,524,288 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.09 01:17:13 | 000,985,706 | -H-- | M] () -- C:\Users\Pe\AppData\Local\IconCache.db
[2010.09.08 22:57:02 | 000,012,884 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\nvModes.dat
[2010.09.08 20:44:52 | 000,131,746 | ---- | M] () -- C:\Users\Pe\Desktop\gde2_klausur_s2009_mit_lsg.pdf
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\Pe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\Pe\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\Pe\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\Pe\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\Pe\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\Pe\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\Pe\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.05 14:27:36 | 000,018,680 | ---- | M] () -- C:\Users\Pe\Documents\pardy.dxp
[2010.08.03 23:31:32 | 000,007,298 | ---- | M] () -- C:\Users\Pe\Desktop\Mannschaftskader.zip
[2010.07.31 19:20:14 | 000,001,683 | ---- | M] () -- C:\Users\Pe\Documents\28day.axp
[2010.07.31 19:17:37 | 007,941,872 | ---- | M] () -- C:\Users\Pe\Tricky - Black Steel.mp3
[2010.07.25 19:53:31 | 000,954,254 | ---- | M] () -- C:\Users\Pe\Desktop\was_ist_rugby.pdf
[2010.07.23 01:52:02 | 000,003,338 | ---- | M] () -- C:\Users\Pe\Documents\cd.axp
[2010.07.19 21:36:29 | 000,013,824 | ---- | M] () -- C:\Users\Pe\Documents\mathe2.xls
[2010.07.17 07:35:05 | 000,210,705 | ---- | M] () -- C:\Users\Pe\Desktop\Beschluss EinEuroParty-1.pdf
[2010.07.12 02:04:14 | 000,207,360 | ---- | M] () -- C:\Users\Pe\Documents\WM 2010 Spielplan.xls
[2010.07.07 11:39:49 | 000,012,474 | ---- | M] () -- C:\Users\Pe\Documents\wichsa.dxp
[2010.06.14 20:58:29 | 019,243,053 | ---- | M] () -- C:\Users\Pe\Desktop\Titanic_2000_August_Web.pdf
[2010.06.12 11:53:43 | 000,019,817 | ---- | M] () -- C:\Users\Pe\Documents\_40824317_rugby5.jpg
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 20:44:52 | 000,131,746 | ---- | C] () -- C:\Users\Pe\Desktop\gde2_klausur_s2009_mit_lsg.pdf
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\Pe\Desktop\Aufgaben Barentin.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\Pe\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\Pe\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\Pe\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\Pe\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\Pe\Documents\eah.axp
[2010.08.05 14:27:36 | 000,018,680 | ---- | C] () -- C:\Users\Pe\Documents\pardy.dxp
[2010.08.03 23:31:31 | 000,007,298 | ---- | C] () -- C:\Users\Pe\Desktop\Mannschaftskader.zip
[2010.07.31 19:20:13 | 000,001,683 | ---- | C] () -- C:\Users\Pe\Documents\28day.axp
[2010.07.31 19:17:16 | 007,941,872 | ---- | C] () -- C:\Users\Pe\Tricky - Black Steel.mp3
[2010.07.27 03:39:50 | 000,407,605 | ---- | C] () -- C:\Users\Pe\Desktop\89762-050-F63E94E9.jpg
[2010.07.25 19:53:31 | 000,954,254 | ---- | C] () -- C:\Users\Pe\Desktop\was_ist_rugby.pdf
[2010.07.23 01:43:38 | 000,003,338 | ---- | C] () -- C:\Users\Pe\Documents\cd.axp
[2010.07.19 21:20:40 | 000,013,824 | ---- | C] () -- C:\Users\Pe\Documents\mathe2.xls
[2010.07.17 07:35:03 | 000,210,705 | ---- | C] () -- C:\Users\Pe\Desktop\Beschluss EinEuroParty-1.pdf
[2010.07.07 11:39:48 | 000,012,474 | ---- | C] () -- C:\Users\Pe\Documents\wichsa.dxp
[2010.06.14 20:53:45 | 019,243,053 | ---- | C] () -- C:\Users\Pe\Desktop\Titanic_2000_August_Web.pdf
[2010.06.12 11:53:41 | 000,019,817 | ---- | C] () -- C:\Users\Pe\Documents\_40824317_rugby5.jpg
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\Pe\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\Pe\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\Pe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
 
========== LOP Check ==========
 
[2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE
[2008.10.11 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Canneverbe_Limited
[2008.09.21 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\DeepBurner
[2010.08.30 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.09.09 01:13:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\foobar2000
[2010.01.25 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ICQ
[2009.09.17 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ImgBurn
[2009.11.06 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\IrfanView
[2009.08.11 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Kazaa Lite
[2010.08.10 03:11:56 | 000,000,000 | -HSD | M] -- C:\Users\Pe\AppData\Roaming\lowsec
[2009.10.29 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mathegrafix
[2008.10.13 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\OpenOffice.org
[2010.01.26 03:46:06 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QIP
[2010.03.15 15:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QipGuard
[2008.11.08 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Sony
[2010.09.06 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\uTorrent
[2010.09.09 01:17:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE
[2008.09.17 22:39:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Adobe
[2008.09.30 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\AdobeUM
[2010.08.04 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Apple Computer
[2008.10.11 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Canneverbe_Limited
[2008.09.21 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\DeepBurner
[2010.08.30 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.09.09 01:13:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\foobar2000
[2010.01.25 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ICQ
[2008.09.17 11:27:14 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Identities
[2009.09.17 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ImgBurn
[2008.09.17 11:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\InstallShield
[2009.11.06 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\IrfanView
[2009.08.11 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Kazaa Lite
[2010.08.10 03:11:56 | 000,000,000 | -HSD | M] -- C:\Users\Pe\AppData\Roaming\lowsec
[2008.09.17 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Macromedia
[2010.03.04 01:33:29 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Malwarebytes
[2009.10.29 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mathegrafix
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Media Center Programs
[2008.09.25 10:29:17 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Media Player Classic
[2010.02.03 20:18:23 | 000,000,000 | --SD | M] -- C:\Users\Pe\AppData\Roaming\Microsoft
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Mozilla
[2008.10.13 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\OpenOffice.org
[2010.01.26 03:46:06 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QIP
[2010.03.15 15:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QipGuard
[2010.04.23 12:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Real
[2008.11.08 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Sony
[2009.03.23 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\U3
[2010.09.06 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\uTorrent
[2010.09.02 01:29:28 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\vlc
[2008.09.17 22:47:55 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.03.10 01:03:48 | 000,003,310 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
[2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
[2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
[2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
[2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
[2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
[2010.04.05 13:51:07 | 001,988,464 | ---- | M] (Auslogics Software Pty Ltd                                  ) -- C:\Users\Pe\AppData\Roaming\QIP\Profiles\pe-86\RcvdFiles\Mickey_407351354\disk-defrag-screen-saver-11150.exe
[2010.04.05 13:52:47 | 000,475,760 | ---- | M] (Auslogics) -- C:\Users\Pe\AppData\Roaming\QIP\Profiles\pe-86\RcvdFiles\Mickey_407351354\DiskDefrag.exe
[2010.03.12 15:20:56 | 000,184,272 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Pe\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.09.17 22:15:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.09.17 22:15:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.09.17 22:15:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.01.27 11:21:06 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=37AF8406C1CD1CB4348B335523F0E4DA -- C:\Windows\System32\drivers\nvstor32.sys
[2007.01.27 11:21:06 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=37AF8406C1CD1CB4348B335523F0E4DA -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e40327a6\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.09.17 21:48:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.09.17 21:48:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.11.30 17:56:36 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >
         

09.09.2010, 13:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
SRV - (MSDTC) --  File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\Pe\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\jasltw.dat
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.08 01:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Pe\AppData\Roaming\lowsec
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


09.09.2010, 21:15   #9
shawn77
 



So, here it is:

Code:
All processes killed
========== OTL ==========
Error: No service named MSDTC was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC deleted successfully.
File   File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "hxxp://search.qip.ru/search?from=FF&query=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.gopher
Prefs.js: 0 removed from network.proxy.backup.gopher_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "143.93.243.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "143.93.243.1" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "143.93.243.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "143.93.243.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "143.93.243.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Updater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656d6693-d735-11dd-af09-002215297035}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656d6693-d735-11dd-af09-002215297035}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656d6693-d735-11dd-af09-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656d6693-d735-11dd-af09-002215297035}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\ not found.
File E:\programs\nu2menu\nu2menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe not found.
C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE folder moved successfully.
C:\Users\Pe\AppData\Local\5720XLfeqCs moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\Users\Pe\AppData\Roaming\jasltw.dat moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\Pe\AppData\Roaming\lowsec folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Pe
->Temp folder emptied: 12037237 bytes
->Temporary Internet Files folder emptied: 577034 bytes
->Java cache emptied: 20822286 bytes
->FireFox cache emptied: 90557787 bytes
->Flash cache emptied: 76763 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6899619 bytes
RecycleBin emptied: 19105603 bytes
 
Total Files Cleaned = 143,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09092010_220131

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

09.09.2010, 21:19   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

09.09.2010, 23:09   #11
shawn77
 



Here is the ComboFix log:
Code:
ComboFix 10-09-09.03 - Pe 09.09.2010  23:52:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1289 [GMT 2:00]
ausgeführt von:: c:\users\Pe\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-09 bis 2010-09-09  ))))))))))))))))))))))))))))))
.

2010-09-09 20:07 . 2010-09-09 21:46	45056	----a-w-	c:\windows\system32\acovcnt.exe
2010-09-09 20:01 . 2010-09-09 20:01	--------	d-----w-	C:\_OTL
2010-09-02 12:44 . 2010-09-02 20:22	--------	d-----w-	c:\program files\Kazaa Lite
2010-09-02 12:40 . 2010-09-02 20:22	--------	d-----w-	c:\program files\K-Lite
2010-08-30 18:59 . 2010-08-30 18:59	--------	d-----w-	c:\users\Pe\AppData\Roaming\EB-Edit
2010-08-30 18:59 . 2010-08-30 18:59	--------	d-----w-	c:\program files\EB-Edit
2010-08-18 20:09 . 2010-08-18 20:09	--------	d-----w-	c:\program files\Cyanide
2010-08-15 17:23 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-15 17:23 . 2010-06-29 15:47	834048	----a-w-	c:\windows\system32\wininet.dll
2010-08-15 17:23 . 2010-06-28 16:13	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-08-15 17:22 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-15 17:22 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-15 17:22 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-15 17:22 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-15 17:21 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-15 17:21 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-15 17:21 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-15 17:21 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-15 17:21 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 21:44 . 2007-04-18 08:33	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-09 21:39 . 2008-09-18 18:37	12884	----a-w-	c:\users\Pe\AppData\Roaming\nvModes.dat
2010-09-09 20:01 . 2010-03-15 13:11	--------	d-----w-	c:\users\Pe\AppData\Roaming\QipGuard
2010-09-09 20:01 . 2008-09-18 19:15	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-09-08 23:13 . 2008-10-01 13:12	--------	d-----w-	c:\users\Pe\AppData\Roaming\foobar2000
2010-09-08 16:47 . 2010-03-03 23:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-05 23:42 . 2010-04-15 19:20	--------	d-----w-	c:\users\Pe\AppData\Roaming\uTorrent
2010-09-01 23:29 . 2010-04-06 23:09	--------	d-----w-	c:\users\Pe\AppData\Roaming\vlc
2010-09-01 13:16 . 2007-04-18 09:14	623280	----a-w-	c:\windows\system32\perfh007.dat
2010-09-01 13:16 . 2007-04-18 09:14	125184	----a-w-	c:\windows\system32\perfc007.dat
2010-08-24 17:23 . 2009-12-09 16:20	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-24 17:14 . 2008-09-17 15:23	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-16 01:01 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-10 00:19 . 2009-07-16 17:59	--------	d-----w-	c:\program files\ICQ6.5
2010-08-04 20:22 . 2010-08-04 18:24	--------	d-----w-	c:\users\Pe\AppData\Roaming\Apple Computer
2010-08-04 20:12 . 2009-08-14 16:19	--------	d-----w-	c:\programdata\Apple
2010-08-04 18:23 . 2010-08-04 18:21	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-04 18:21 . 2008-11-08 16:51	--------	d-----w-	c:\programdata\Apple Computer
2010-08-04 18:19 . 2008-11-08 16:51	--------	d-----w-	c:\program files\QuickTime
2010-08-04 18:14 . 2010-08-04 18:14	--------	d-----w-	c:\program files\Apple Software Update
2010-08-04 18:09 . 2010-08-04 18:09	--------	d-----w-	c:\program files\Bonjour
2010-07-19 13:20 . 2009-08-14 17:02	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-07-19 13:20 . 2009-08-14 16:56	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-18 21:52 . 2010-06-18 21:52	55	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-18 21:52 . 2010-06-18 21:52	683801	----a-w-	c:\programdata\Last.fm\Client\UninstFoo3\unins000.exe
.

((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-19 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MultiFrame.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MultiFrame.lnk
backup=c:\windows\pss\MultiFrame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-09-17 15:48	37232	----a-w-	c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-09-17 15:48	33136	----a-w-	c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-01-15 22:17	778240	----a-w-	c:\program files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2009-12-05 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2009-12-05 21600]
R3 cpuz129;cpuz129;c:\users\Pe\AppData\Local\Temp\cpuz_x32.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-30 639224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the "Scheduled Tasks" folder

2010-09-09 c:\windows\Tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-22 21:33]
.
.
------- Additional scan -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {1A7B0A68-3283-400A-93DC-157BF0A1D8D3} = 212.7.160.2 212.7.160.9
FF - ProfilePath - c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com\plugins\npDocX.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX policies ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-BCD3000 - c:\windows\system32\bcd3kcpan.exe
MSConfigStartUp-BitTorrent DNA - c:\users\Pe\Program Files\DNA\btdna.exe
AddRemove-QipGuard - c:\users\Pe\AppData\Roaming\QipGuard\QipGuard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-10 00:02
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-2696516153-3433871498-291650200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}*]
@Allowed: (Read) (RestrictedCode)
"iaaicmdpbihpnfphdl"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
   67,63,6e,61,00,00
"hakhiohogdmlekin"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
   67,63,6e,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-09-10  00:05:39
ComboFix-quarantined-files.txt  2010-09-09 22:05

Before scan: 651,399,168 bytes free
After scan: 577,892,352 bytes free

- - End Of File - - 693D779044FDCBD903C2321ABC36ECBF

10.09.2010, 09:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run the second time as well, just skip it and run only OSAM.

Then download bootkit_remover. Extract the tool into its own folder on the desktop and run the file remover.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, in which device. Ideally post everything that remover.exe outputs.

10.09.2010, 16:05   #13
shawn77

GMER:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-10 17:04:10
Windows 6.0.6002 Service Pack 2
Running: 36lrbx63.exe; Driver: C:\Users\Pe\AppData\Local\Temp\pgldapoc.sys


---- System - GMER 1.0.15 ----

SSDT            9CF334BC                                                                                                                            ZwCreateThread
SSDT            9CF334A8                                                                                                                            ZwOpenProcess
SSDT            9CF334AD                                                                                                                            ZwOpenThread
SSDT            9CF334B7                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                       826E5984 4 Bytes  [BC, 34, F3, 9C]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                       826E5B54 4 Bytes  [A8, 34, F3, 9C]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                       826E5B70 4 Bytes  [AD, 34, F3, 9C] {LODSD ; XOR AL, 0xf3; PUSHF }
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                       826E5D84 4 Bytes  [B7, 34, F3, 9C]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                            section is writeable [0x8CC0B340, 0x2946A7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfc12d2b7                                                         
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfc12d2b7 (not active ControlSet)                                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}@iaaicmdpbihpnfphdl  0x6B 0x61 0x6D 0x6B ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}@hakhiohogdmlekin    0x6B 0x61 0x6D 0x6B ...

---- EOF - GMER 1.0.15 ----

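Two findings in these logs are worth verifying by hand rather than by eye. The ComboFix log in post #11 lists a locked key under HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA} whose two values are printed as hex, and the GMER log in post #13 reports the same key together with four SSDT entries and four 4-byte patches inside ntkrnlpa.exe. The Python below is an added example written for this thread; it is not code from ComboFix, GMER or any of the posters. It folds ComboFix's wrapped `hex:` values and decodes them, and it reads GMER's `4 Bytes [..]` patches as little-endian dwords and matches them against the listed SSDT addresses. The sample strings are copied from the two logs; the function names are my own, and nothing here identifies which driver installed the hooks.

```python
"""Decode two findings from the ComboFix and GMER logs pasted in this thread.

Added example, not part of the original posts and not code from either tool.
The sample strings below are copied from the logs; the parsers are generic.
"""
import re

# Excerpt of ComboFix's "locked registry keys" section (from post #11).
COMBOFIX_LOCKED = r'''
[HKEY_USERS\S-1-5-21-2696516153-3433871498-291650200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}*]
@Allowed: (Read) (RestrictedCode)
"iaaicmdpbihpnfphdl"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
   67,63,6e,61,00,00
"hakhiohogdmlekin"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
   67,63,6e,61,00,00
'''

# Excerpt of GMER's SSDT and kernel-code-section findings (from post #13).
GMER_LINES = r'''
SSDT            9CF334BC    ZwCreateThread
SSDT            9CF334A8    ZwOpenProcess
SSDT            9CF334AD    ZwOpenThread
SSDT            9CF334B7    ZwTerminateProcess
.text           ntkrnlpa.exe!KeSetEvent + 221    826E5984 4 Bytes  [BC, 34, F3, 9C]
.text           ntkrnlpa.exe!KeSetEvent + 3F1    826E5B54 4 Bytes  [A8, 34, F3, 9C]
.text           ntkrnlpa.exe!KeSetEvent + 40D    826E5B70 4 Bytes  [AD, 34, F3, 9C] {LODSD ; XOR AL, 0xf3; PUSHF }
.text           ntkrnlpa.exe!KeSetEvent + 621    826E5D84 4 Bytes  [B7, 34, F3, 9C]
'''


def parse_reg_hex_values(text):
    """Return {value_name: bytes} for REGEDIT-style '"name"=hex:..' lines.

    ComboFix wraps long values onto continuation lines that begin with
    whitespace, so those are folded back before the bytes are parsed.
    """
    folded = re.sub(r",\s*\n\s+", ",", text)
    values = {}
    for m in re.finditer(r'^"([^"]+)"=hex:([0-9a-fA-F, ]+)$', folded, re.M):
        hexes = [h for h in m.group(2).replace(" ", "").split(",") if h]
        values[m.group(1)] = bytes(int(h, 16) for h in hexes)
    return values


def decode_value(data):
    """Decode a NUL-terminated printable-ASCII payload, else return None."""
    body = data.split(b"\x00", 1)[0]
    if body and all(0x20 <= b < 0x7F for b in body):
        return body.decode("ascii")
    return None


def parse_gmer(text):
    """Return (ssdt, patches): hook address -> syscall name, and kernel patches."""
    ssdt, patches = {}, []
    for line in text.splitlines():
        m = re.match(r"SSDT\s+([0-9A-F]{8})\s+(\w+)", line)
        if m:
            ssdt[int(m.group(1), 16)] = m.group(2)
            continue
        m = re.match(r"\.text\s+(\S.*?)\s+([0-9A-F]{8}) 4 Bytes\s+\[([^\]]+)\]", line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(3).replace(" ", "").split(","))
            # GMER prints the patched dword byte by byte; x86 is little-endian.
            patches.append({"where": m.group(1), "address": int(m.group(2), 16),
                            "value": int.from_bytes(raw, "little")})
    return ssdt, patches


def correlate(ssdt, patches):
    """For each patched dword, name the SSDT hook it equals (None if it is not one)."""
    return [(p["where"], p["value"], ssdt.get(p["value"])) for p in patches]


if __name__ == "__main__":
    for name, data in parse_reg_hex_values(COMBOFIX_LOCKED).items():
        print("%-22s -> %r" % (name, decode_value(data)))
    ssdt, patches = parse_gmer(GMER_LINES)
    for where, value, hook in correlate(ssdt, patches):
        print("%-32s 0x%08x -> %s" % (where, value, hook))
```

Running it shows that both randomly named values hold the same 22-character ASCII string followed by two NUL bytes, and that each patched dword in the kernel is exactly one of the four SSDT hook addresses: the "kernel code sections" lines are the SSDT slots seen from the table's side, not a second, separate modification. Whether those hooks belong to a security product or to the infection still has to be settled by identifying the driver that owns the 9CF3xxxx address range; the log alone does not say.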
10.09.2010, 16:12   #14
shawn77

OSAM:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:11:39 on 10.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"applet.cpl" - "jeak.de" - C:\Windows\system32\applet.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Behringer BCD3000 V1.1.2.0" (BCD3000) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCD3000.SYS
"Behringer BCD3000WDM V1.1.2.0" (BCD3000WDM) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCD3000WDM.SYS
"catchme" (catchme) - ? - C:\Users\Pe\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz129" (cpuz129) - ? - C:\Users\Pe\AppData\Local\Temp\cpuz_x32.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"ipswuio" (ipswuio) - ? - C:\Windows\System32\DRIVERS\ipswuio.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pgldapoc" (pgldapoc) - ? - C:\Users\Pe\AppData\Local\Temp\pgldapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"Rainbow USB SuperPro" (Sntnlusb) - "Rainbow Technologies Inc." - C:\Windows\System32\DRIVERS\SNTNLUSB.SYS
"Sentinel" (Sentinel) - "Rainbow Technologies, Inc." - C:\Windows\System32\Drivers\SENTINEL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"WCPU" (WCPU) - "Windows (R) Codename Longhorn DDK provider" - C:\Program Files\P4G\WCPU.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{3A1A93A8-B021-4483-8485-1CBBD3AADD35} "Infotip.DDBFileHandler" - ? - C:\Program Files\BAE\bae\baeinfo.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
 "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Pe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATKMEDIA" - "ASUSTeK Computer INC." - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

10.09.2010, 16:18   #15
shawn77

Bootkit Remover:


First, an error message appears when opening it:
"ATA_PASS_TROUGH_DIRECT is not supported by your disk controller.
SCSI_PASS_TROUGH_DIRECT will be use for disk I/O."



then the output:


Bootkit Remover
(c) 2009 eSage Lab
esage lab - main

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`b5900000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: ce1f92f8dc2583dab8e491967abacde8

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
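The verdict "Unknown boot code" above only means that the sector's boot code is not in bootkit_remover's list of known loaders; OEM recovery loaders and third-party boot managers trigger the same verdict, which is why the tool's next suggestion is to dump the sector and look at it. The Python below is an added example for this step, not part of the thread and not bootkit_remover's own code. It parses a 512-byte MBR the way one would inspect such a dump: boot signature, disk signature, partition table, and two MD5s, one over the whole sector and one over the 440 bytes of boot code alone, since a partition-table edit changes the first hash but a bootkit has to change the second. The sample sector is constructed for the example and laid out so that its bootable partition begins at byte offset 0x1b5900000, the offset the tool reported for \\.\C: above; read_mbr() and its default device path are my additions and need an elevated prompt on Windows.

```python
r"""Inspect a 512-byte master boot record from a dumped file or a raw device.

Added example for this thread; not bootkit_remover's code. The layout used
(440 bytes boot code, 4-byte disk signature, 2 reserved bytes, four 16-byte
partition entries, 0x55AA signature) is the standard BIOS MBR layout.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 440
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def read_mbr(path=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw device (needs Administrator on Windows) or a dump file."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_partition_entry(entry):
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector):
    """Return signature check, disk signature, used partition entries and hashes."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (MBR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_SIZE])
        if entry["type"] != 0:          # type 0x00 marks an unused slot
            partitions.append(entry)
    bootcode = sector[:BOOTCODE_SIZE]
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
        # The whole-sector hash changes whenever the partition table changes;
        # the boot-code hash is what a bootkit must alter to get control.
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(bootcode).hexdigest(),
        "bootcode_nonzero_bytes": sum(1 for b in bootcode if b),
    }


def partition_offset_bytes(entry, sector_size=512):
    """Byte offset of a partition on the physical disk, as bootkit_remover prints it."""
    return entry["lba_start"] * sector_size


def _entry(bootable, ptype, lba_start, sectors):
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\x00" * 3,
                       ptype, b"\x00" * 3, lba_start, sectors)


def build_sample_mbr():
    r"""Constructed sample sector (not a real disk image).

    The boot code is a three-byte jump stub padded with zeros, so it matches
    no known loader. The second, bootable NTFS entry starts at LBA 14338048,
    i.e. byte offset 0x1b5900000, the offset reported for \\.\C: in the thread.
    """
    bootcode = b"\xeb\x3c\x90" + b"\x00" * (BOOTCODE_SIZE - 3)
    disk_signature = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"
    table = (_entry(False, 0x07, 2048, 14338048 - 2048)        # small recovery partition (NTFS)
             + _entry(True, 0x07, 14338048, 200_000_000)        # system volume C:
             + _entry(False, 0x00, 0, 0) * 2)                   # two unused slots
    return bootcode + disk_signature + reserved + table + BOOT_SIGNATURE


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print("type 0x%02x bootable=%s offset=0x%x" % (p["type"], p["bootable"],
                                                        partition_offset_bytes(p)))
    print("sector md5   :", info["sector_md5"])
    print("bootcode md5 :", info["bootcode_md5"])
```

To use it on the machine in question, run `remover.exe dump \\.\PhysicalDrive0 mbr.bin` as the tool suggests, then call `parse_mbr(read_mbr("mbr.bin"))` from a clean system; compare the boot-code hash against a known-good sector from the same model rather than against the whole-sector MD5, since two disks with identical boot code will still differ in their partition tables.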
