Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BDS/Papras.PR - ist mein PC frei davon?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.09.2010, 14:35   #1
Flo_K
 
BDS/Papras.PR - ist mein PC frei davon? - Standard

BDS/Papras.PR - ist mein PC frei davon?



Ich hatte mir wie viele auch einen Papras eingefangen. Antivir meldete schon vor einigen Tagen das erste Mal:

In der Datei 'C:\Users\Florian\AppData\Local\Temp\cmdlPING.dll'
wurde ein Virus oder unerwünschtes Programm 'BDS/Papras.PR' [backdoor] gefunden.

Vorgestern ließ sich dann mein Laptop nicht mehr hochfahren. Nach dem Windows 7 - Logo kam schwarzer Bildschirm mit mauzeiger drauf, der sich auch bewegen ließ, aber sonst passierte nichts. Dann kam mitunter ein Bluescreen und er startet neu mit der Meldung "Non-system Disk or disk error". Laut HP Diagnosetool war Festplatte kaputt. Laut Windowseigener Diagnose nicht und das Ding ließ sich gestern durch starthilfe bzw. Systemwiederherstellung wiederherstellen. Daher meine erste Frage: Kann dies alles mit einem Virus, bzw. mit Papras erklärt werden?

Dann habe ich nachdem er wieder lief natürlich gleich AntiVir Komplett-Scan gemacht, Papras wurde gefunden und für Löschen nach Neustart vorgemerkt. Malwarebytes wurde ebenfalls drüberlaufen gelassen. Fand auch mehreres.

Nach Neustart fand AntiVir den Papras nicht mehr und auch im Explorer war er an dem Ort, an dem er sich vorher befand nicht mehr zu sehen. Bis jetzt kam auch keine Meldung des AntiVir-Guards mehr. Malwarebytes fand ihn auch nicht mehr, als ich es heute erneut durchlaufen ließ, aber einen anderen Wurm.

Ist mein System jetzt etwa so einfach locker flockig von Papras frei? Wie kann ich das rausfinden?

Hier der Malwarebytes-Log.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4595

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.09.2010 00:45:45
mbam-log-2010-09-12 (00-45-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 336946
Laufzeit: 1 Stunde(n), 53 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ciphssvc (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1d61c2a8-5212-d79a-0646-b3cfa1af8c48} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Florian\AppData\Roaming\Neovxi\xeko.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
         
Und hier die beiden OLT-Logs:
Code:
ATTFilter
OTL logfile created on: 12.09.2010 01:00:45 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 127,47 Gb Free Space | 57,19% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,43 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 991,69 Mb Free Space | 97,13% Space Free | Partition Type: FAT32
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE (GMX GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (ASBroker) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (IFXSpMgtSrv) -- C:\Programme\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
SRV - (PersonalSecureDriveService) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (IFXTCS) -- C:\Programme\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (uigxrdr) -- C:\Windows\System32\drivers\uigxrdr.SYS (GMX GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (eabusb) -- C:\Windows\System32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.orf.at"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.5
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.26 18:32:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.26 18:32:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.03 03:40:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.26 18:32:43 | 000,000,000 | ---D | M]
 
[2009.12.03 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.12.03 16:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.06 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions
[2009.11.29 01:20:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.15 18:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.15 11:56:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.01 23:04:54 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010.01.11 00:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\firefox@bandoo.com
[2010.02.08 02:08:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\moveplayer@movenetworks.com
[2010.04.06 10:08:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.10 01:21:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.10 01:21:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.10 01:21:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.09 11:46:54 | 000,000,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearch.xml
[2010.08.10 01:21:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.10 01:21:21 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}] C:\Users\***\AppData\Roaming\Neovxi\xeko.exe File not found
O4 - HKCU..\Run: [GMX_GMX Upload-Manager] C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE (GMX GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\hewlet~1\iam\bin\apshook.dll) - c:\Programme\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SWSETUP\APPINSTL\setup.exe -- File not found
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell - "" = AutoRun
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell - "" = AutoRun
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.12 00:48:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.11 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.09.11 22:40:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.11 22:40:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.11 22:40:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.11 22:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.11 22:39:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam146-setup.exe
[2010.09.10 01:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2010.09.08 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.09.08 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Panasonic
[2010.09.08 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SD KARTE
[2010.09.08 18:53:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic
[2010.09.08 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2010.09.08 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.09.08 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Programmdateien
[2010.09.07 19:26:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\cerasus.media
[2010.09.06 01:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FreePDF_XP
[2010.09.04 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Berlin
[2010.08.31 12:01:48 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP
[2010.08.31 12:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF
[2010.08.31 11:52:47 | 000,000,000 | ---D | C] -- C:\Programme\PDF Blender
[2010.08.26 18:31:55 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.08.26 18:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.23 15:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009.10.02 19:56:42 | 000,186,928 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.10.09 04:28:56 | 000,195,112 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.12 01:01:00 | 004,980,736 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.09.12 00:57:54 | 000,463,676 | ---- | M] () -- C:\Users\***\Desktop\cc_20100912_005718.reg
[2010.09.12 00:48:30 | 001,574,526 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.12 00:48:30 | 000,682,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.12 00:48:30 | 000,639,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.12 00:48:30 | 000,142,316 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.12 00:48:30 | 000,116,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.12 00:48:20 | 000,000,969 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.09.12 00:46:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vysgy.sys
[2010.09.12 00:33:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.11 22:40:10 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 22:39:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\mbam146-setup.exe
[2010.09.11 21:33:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.11 20:56:59 | 000,011,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 20:56:59 | 000,011,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 20:52:14 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.11 20:50:27 | 000,155,760 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.11 20:49:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000002.regtrans-ms
[2010.09.11 20:49:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000001.regtrans-ms
[2010.09.11 20:49:45 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TM.blf
[2010.09.11 20:49:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.11 20:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.11 20:48:55 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.11 19:30:16 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010.09.10 02:01:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000002.regtrans-ms
[2010.09.10 02:01:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000001.regtrans-ms
[2010.09.10 02:01:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TM.blf
[2010.09.09 12:38:38 | 061,184,157 | ---- | M] () -- C:\Users\***\Desktop\jensi1.zip.part
[2010.09.08 22:41:53 | 001,622,133 | ---- | M] () -- C:\Users\***\Desktop\IMG_5788.JPG
[2010.09.08 22:27:17 | 001,623,469 | ---- | M] () -- C:\Users\***\Desktop\IMG_5765.JPG
[2010.09.06 23:40:31 | 000,019,968 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.06 01:09:22 | 000,024,604 | ---- | M] () -- C:\Users\***\Desktop\bestellbestätigung CAM.pdf
[2010.09.05 18:07:34 | 047,995,904 | ---- | M] () -- C:\Users\***\video01.mov
[2010.09.05 00:30:58 | 001,850,468 | ---- | M] () -- C:\Users\***\Desktop\Gutachten_Gottlieb[2].pdf
[2010.08.31 11:59:39 | 016,357,376 | ---- | M] () -- C:\Users\***\gs871w32.exe
[2010.08.31 11:52:47 | 000,001,000 | ---- | M] () -- C:\Users\***\Desktop\PDF Blender.lnk
[2010.08.26 18:32:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 15:32:47 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\MAXQDA 10.lnk
[2010.08.16 16:14:37 | 000,060,530 | ---- | M] () -- C:\Users\***\Desktop\Hey Mikhail.pdf
[2010.08.16 11:15:27 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$y Mikhail.doc
[2010.08.14 12:51:42 | 000,524,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.12 00:57:30 | 000,463,676 | ---- | C] () -- C:\Users\***\Desktop\cc_20100912_005718.reg
[2010.09.12 00:48:20 | 000,000,969 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.09.12 00:46:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vysgy.sys
[2010.09.11 22:40:10 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 20:49:46 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000002.regtrans-ms
[2010.09.11 20:49:46 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000001.regtrans-ms
[2010.09.11 20:49:45 | 000,065,536 | -HS- | C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TM.blf
[2010.09.11 19:30:16 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010.09.10 02:01:07 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000002.regtrans-ms
[2010.09.10 02:01:06 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000001.regtrans-ms
[2010.09.10 02:01:06 | 000,065,536 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TM.blf
[2010.09.09 01:02:15 | 061,184,157 | ---- | C] () -- C:\Users\***\Desktop\jensi1.zip.part
[2010.09.09 00:22:22 | 000,016,896 | -HS- | C] () -- C:\Users\***\Thumbs.db
[2010.09.08 22:40:36 | 001,622,133 | ---- | C] () -- C:\Users\***\Desktop\IMG_5788.JPG
[2010.09.08 22:26:15 | 001,623,469 | ---- | C] () -- C:\Users\***\Desktop\IMG_5765.JPG
[2010.09.06 01:09:22 | 000,024,604 | ---- | C] () -- C:\Users\***\Desktop\bestellbestätigung CAM.pdf
[2010.09.05 18:07:14 | 047,995,904 | ---- | C] () -- C:\Users\***\video01.mov
[2010.09.05 00:30:58 | 001,850,468 | ---- | C] () -- C:\Users\***\Desktop\Gutachten_Gottlieb[2].pdf
[2010.08.31 12:01:50 | 000,119,152 | ---- | C] () -- C:\Windows\System32\redmon.hlp
[2010.08.31 12:01:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.08.31 12:01:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.08.31 11:59:33 | 016,357,376 | ---- | C] () -- C:\Users\***\gs871w32.exe
[2010.08.31 11:52:47 | 000,001,000 | ---- | C] () -- C:\Users\***\Desktop\PDF Blender.lnk
[2010.08.26 18:32:30 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 15:18:50 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\MAXQDA 10.lnk
[2010.08.16 16:14:37 | 000,060,530 | ---- | C] () -- C:\Users\***\Desktop\Hey Mikhail.pdf
[2010.08.16 11:15:27 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$y Mikhail.doc
[2010.01.10 19:27:26 | 000,019,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 20:23:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.28 02:21:09 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.11.28 02:21:09 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.11.28 02:21:09 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.11.28 02:18:16 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.11.28 02:18:16 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.11.24 02:44:40 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.11.24 02:41:16 | 000,000,033 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt
[2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt
[2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt
[2009.11.24 02:07:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.24 01:59:04 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.29 16:30:16 | 000,109,216 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.29 17:10:06 | 000,300,600 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2008.10.09 04:32:46 | 001,810,856 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.10.09 04:31:10 | 000,034,856 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.06.17 13:25:55 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.06.17 13:25:55 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.06.17 13:25:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.06.17 13:25:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.06.17 13:25:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.06.17 13:25:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.06.17 13:06:29 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2006.05.19 18:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2010.02.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.06.09 01:10:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.08.23 17:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2010.01.11 00:26:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bandoo
[2010.09.07 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cerasus.media
[2010.07.22 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.06.15 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.22 21:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2010.06.22 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2009.11.24 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Infineon
[2009.11.24 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2010.07.03 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXQDA10
[2010.07.21 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2010.09.12 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neovxi
[2010.08.27 01:41:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2009.11.27 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Revolver Preferences
[2010.07.22 21:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2009.12.03 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.11.27 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2010.09.11 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zudu
[2009.11.24 02:23:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2010.06.10 23:33:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 12.09.2010 01:00:45 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 127,47 Gb Free Space | 57,19% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,43 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 991,69 Mb Free Space | 97,13% Space Free | Partition Type: FAT32
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24843DF0-CDC7-4BDF-B68E-F529DFC00D3E}" = HP ProtectTools Security Manager
"{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Wiederbeschaffung bei Diebstahl
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4534DDFE-E33F-4CA3-89A4-F1E9CA001B5F}" = HP ESU for Microsoft Windows 7
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6D3E1598-2B10-4DE8-A072-4B9B6AC302C4}" = HP User Guides 0097
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{819F6BAD-35DA-4094-BCE6-F57AACE116D1}" = ESU for Microsoft Vista SP1
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8595812B-9104-4196-B629-FD298D819399}" = HP User Guides 0097
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}" = Embedded Security for HP ProtectTools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}" = HP 3D DriveGuard
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{BEF99123-C1DC-479B-9445-DE3E026F320E}" = HP JavaCard for HP ProtectTools
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6D9BF7C-2C34-4EC1-8ECC-10AFA15BEA66}" = HP Wallpaper
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FreePDF_XP" = FreePDF (Remove only)
"GMX Upload-Manager" = GMX Upload-Manager
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP QuickLook 2_is1" = HP QuickLook 2
"HyperCam 3" = HyperCam 3
"InstallShield_{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXQDA10" = MAXQDA 10 (R070610)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"Orbit_is1" = Orbit Downloader
"PDF Blender" = PDF Blender
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Scribe" = Express Scribe
"Spotify" = Spotify
"ST5UNST #1" = Backgammon Deluxe
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Edit Magic 4_is1" = Video Edit Magic 4.4
"VideoPad" = VideoPad Video Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 13.09.2010, 13:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.PR - ist mein PC frei davon? - Standard

BDS/Papras.PR - ist mein PC frei davon?



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&q="
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}] C:\Users\***\AppData\Roaming\Neovxi\xeko.exe File not found
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SWSETUP\APPINSTL\setup.exe -- File not found
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell - "" = AutoRun
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell - "" = AutoRun
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
[2010.09.12 00:46:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vysgy.sys
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
:Files
C:\Users\***\AppData\Roaming\Neovxi
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________

__________________

Alt 13.09.2010, 23:57   #3
Flo_K
 
BDS/Papras.PR - ist mein PC frei davon? - Standard

BDS/Papras.PR - ist mein PC frei davon?



Vielen Dank. Habe das gemacht, hier ist das log-file:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
File E:\SWSETUP\APPINSTL\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
File C:\Windows\System32\drivers\vysgy.sys not found.
ADS C:\ProgramData\TEMP:9AEE100C deleted successfully.
ADS C:\ProgramData\TEMP:94A19129 deleted successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Neovxi folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 4778698 bytes
->Temporary Internet Files folder emptied: 100814626 bytes
->Java cache emptied: 29139522 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1934976 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153280 bytes
RecycleBin emptied: 223314 bytes
 
Total Files Cleaned = 131,00 mb
 
 
OTL by OldTimer - Version 3.2.12.0 log created on 09132010_235002

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
__________________

Alt 14.09.2010, 09:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.PR - ist mein PC frei davon? - Standard

BDS/Papras.PR - ist mein PC frei davon?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu BDS/Papras.PR - ist mein PC frei davon?
32 bit, alternate, antivir, audacity, avgntflt.sys, avira, backdoor, bandoo, bds/papras.pr, bho, bildschirm, bluescree, bluescreen, components, converter, corp./icp, desktop, downloader, error, erste mal, excel, excel.exe, festplatte, firefox, flash player, fontcache, google, iastor.sys, install.exe, launch, local\temp, location, locker, logfile, microsoft office word, mozilla thunderbird, mp3, non-system disk or disk error, nvstor.sys, object, office 2007, oldtimer, olympus, otl logfile, otl.exe, papras, picasa, programdata, programm, safeboot.sys, saver, sched.exe, schwarzer bildschirm, searchplugins, security, security update, shell32.dll, software, start menu, starthilfe, studio, taskhost.exe, trojan.agent.u, trojan.zbotr.gen, virus, webcheck, windows



Ähnliche Themen: BDS/Papras.PR - ist mein PC frei davon?


  1. Ist nach Boot von Antivir Rescue CD mein Rechner frei von TR/ATRAPS.Gen2 und TR/Sirefef.AG.35 ?
    Log-Analyse und Auswertung - 01.06.2012 (16)
  2. Hilfe habe virus und ich soll 50€ zahlen damit mein windows wieder frei ist
    Alles rund um Windows - 29.01.2012 (1)
  3. Ist mein Laptop wieder Trojaner(bka) frei nach systemwiederherstellung?
    Log-Analyse und Auswertung - 05.01.2012 (6)
  4. TAN Trojaner: Ist mein Zweitsystem GOZI-frei?
    Plagegeister aller Art und deren Bekämpfung - 11.12.2010 (26)
  5. Was haltet ihr davon???
    Log-Analyse und Auswertung - 26.08.2010 (3)
  6. Ist mein Rechner "rootkit" - frei ?
    Log-Analyse und Auswertung - 16.07.2010 (25)
  7. Ist mein System Maleware frei?
    Mülltonne - 01.01.2009 (0)
  8. Schaut euch mal bitte mein logfile an und sagt mir was davon bösartig ist
    Log-Analyse und Auswertung - 13.04.2006 (9)
  9. was haltet ihr davon ??
    Log-Analyse und Auswertung - 08.04.2005 (1)
  10. HiJackThis Log- was haltet ihr davon?
    Log-Analyse und Auswertung - 12.03.2005 (25)
  11. was ich davon fixen od.löschen?
    Log-Analyse und Auswertung - 26.01.2005 (2)
  12. Was kann ich davon löschen?
    Log-Analyse und Auswertung - 04.12.2004 (7)
  13. BDS.Padodor.v2 - wer weiß was davon?
    Plagegeister aller Art und deren Bekämpfung - 12.10.2004 (16)
  14. log - hab keine ahnung davon...
    Log-Analyse und Auswertung - 01.10.2004 (5)
  15. Was haltet ihr davon ?
    Antiviren-, Firewall- und andere Schutzprogramme - 12.05.2004 (4)
  16. was ist davon zu halten ???
    Plagegeister aller Art und deren Bekämpfung - 14.02.2004 (2)

Zum Thema BDS/Papras.PR - ist mein PC frei davon? - Ich hatte mir wie viele auch einen Papras eingefangen. Antivir meldete schon vor einigen Tagen das erste Mal: In der Datei 'C:\Users\Florian\AppData\Local\Temp\cmdlPING.dll' wurde ein Virus oder unerwünschtes Programm 'BDS/Papras.PR' [backdoor] - BDS/Papras.PR - ist mein PC frei davon?...
Archiv
Du betrachtest: BDS/Papras.PR - ist mein PC frei davon? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.