| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BDS/Papras.PK [backdoor] in C:\WINDOWS\system32\lprdump.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.09.2010, 20:28
| #1 |
| | ![BDS/Papras.PK [backdoor] in C:\WINDOWS\system32\lprdump.dll - Standard](images/icons/icon1.gif){kind=icon} BDS/Papras.PK [backdoor] in C:\WINDOWS\system32\lprdump.dll Hallo Helfer! Nachdem ich heute den Rechner hochfuhr, meldete Avira folgenden Fund: In der Datei 'C:\WINDOWS\system32\lprdump.dll' wurde ein Virus oder unerwünschtes Programm 'BDS/Papras.PK' [backdoor] gefunden. Die Datei zu löschen oder in Quarantäne zu schieben funktioniert nicht und nun hoffe ich, dass ihr mir weiter helfen könnt. Ich habe danach die Anleitung hier gelesen und Malwarebyte (keine Funde) und OTL ausgeführt. LOG Malwarebyte: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4563 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07.09.2010 21:10:38 mbam-log-2010-09-07 (21-10-38).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 177737 Laufzeit: 12 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Danach habe ich entsprechend der Anleitung OTL verwendet und folgende Ausgaben wurden erzeugt: OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 07.09.2010 21:17:29 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\tmp Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 491,00 Mb Available Physical Memory | 48,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 111,79 Gb Total Space | 4,10 Gb Free Space | 3,67% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 123,69 Mb Total Space | 103,34 Mb Free Space | 83,55% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AMILO-EDDY Current User Name: Christian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\tmp\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - c:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\system32\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) ========== Modules (SafeList) ========== MOD - C:\tmp\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\System32\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [VantagePointLite.exe] C:\Programme\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe (Magellan Navigation, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://gateway.siv.de/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://gateway.siv.de/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613 (F5 Networks Auto Update) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://gateway.siv.de/vdesk/terminal/urTermProxy.cab#version=6020,2009,0709,1003 (F5 Networks Static Application Tunnel Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://gateway.siv.de/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604 (F5 Networks Host Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.13 08:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: cidautou - (C:\WINDOWS\system32\lprdump.dll) - C:\WINDOWS\system32\lprdump.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.07 20:55:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Malwarebytes [2010.09.07 20:55:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.07 20:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes [2010.09.07 20:55:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.07 20:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.22 11:29:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.20 21:28:19 | 000,000,000 | ---D | C] -- C:\Programme\Trillian [2010.08.19 21:01:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\skypePM [2010.08.19 21:00:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Skype [2010.08.19 20:59:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.08.19 20:58:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype [2010.08.19 20:54:16 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\Christian\Desktop\SkypeSetup.exe [2010.08.11 22:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christian\Desktop\plissee [33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.07 20:51:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.09.07 20:25:44 | 000,021,747 | ---- | M] () -- C:\WINDOWS\MSTMON_S.INI [2010.09.07 20:24:06 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.09.07 20:23:14 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.09.07 20:23:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.07 20:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.07 20:22:03 | 006,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\NTUSER.DAT [2010.09.07 20:22:03 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.ini [2010.09.07 20:21:56 | 002,110,212 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.09.07 20:16:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.05 23:10:04 | 000,039,068 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\DK.pdf [2010.09.05 19:47:03 | 000,019,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.09.05 19:46:10 | 001,414,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.09.05 14:55:59 | 000,046,592 | ---- | M] () -- C:\WINDOWS\System32\lprdump.dll [2010.09.03 20:13:28 | 000,031,831 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\schweden.pdf [2010.09.03 20:11:34 | 000,013,281 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\schweden.docx [2010.08.21 12:07:34 | 027,020,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\dosenfischer_podcast_127b.mp3 [2010.08.19 22:54:13 | 005,152,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\CIMG4430.JPG [2010.08.19 21:01:02 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.08.19 20:59:25 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk [2010.08.19 20:54:31 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\Christian\Desktop\SkypeSetup.exe [2010.08.17 23:18:37 | 001,818,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Personenkontensaldenliste 30.06.2010 (Testsystem) inkl. Anz.-Bereitstellung (Herr Schletter).xls [2010.08.17 15:35:39 | 000,044,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\251a3a6f-6986-4440-a11c-a392262073d6.jpg [2010.08.12 11:48:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 11:47:15 | 001,025,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 11:47:15 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 11:47:15 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 11:47:15 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 11:47:15 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.12 10:56:09 | 000,000,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\GeocachingNetworkKML.kml [33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.05 23:10:04 | 000,039,068 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\DK.pdf [2010.09.05 14:55:59 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\lprdump.dll [2010.09.03 20:15:38 | 000,031,831 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\schweden.pdf [2010.09.03 20:11:34 | 000,013,281 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\schweden.docx [2010.08.21 12:07:31 | 027,020,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\dosenfischer_podcast_127b.mp3 [2010.08.19 22:53:01 | 005,152,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\CIMG4430.JPG [2010.08.19 21:01:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.08.19 20:59:25 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk [2010.08.17 23:18:36 | 001,818,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Personenkontensaldenliste 30.06.2010 (Testsystem) inkl. Anz.-Bereitstellung (Herr Schletter).xls [2010.08.17 15:42:13 | 000,044,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\251a3a6f-6986-4440-a11c-a392262073d6.jpg [2010.01.16 15:36:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2009.07.05 12:35:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.06.15 21:48:43 | 000,019,253 | ---- | C] () -- C:\WINDOWS\MSUMLT_S.ini [2009.06.15 21:37:01 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.14 17:52:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll [2009.06.14 17:52:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll [2009.06.14 17:52:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll [2009.06.14 17:52:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll [2009.06.14 17:52:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll [2009.06.14 17:52:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll [2009.06.14 17:52:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll [2009.06.14 17:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll [2009.06.14 17:52:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll [2009.06.14 17:41:54 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.06.14 17:31:02 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.07.23 12:55:00 | 000,021,747 | ---- | C] () -- C:\WINDOWS\MSTMON_S.INI [2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll < End of report > EXTRAS.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.09.2010 21:17:29 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\tmp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 491,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 4,10 Gb Free Space | 3,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 123,69 Mb Total Space | 103,34 Mb Free Space | 83,55% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMILO-EDDY
Current User Name: Christian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Programme\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}" = Groundspeak Wherigo Builder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6A8BB79-7DA0-4EE1-964A-FF1A4F746B02}" = ATI Catalyst Control Center
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OnlineFotoservice" = OnlineFotoservice
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 4.14.7_b1" = ActiveTrader 4.14.7_b1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.09.2010 12:57:15 | Computer Name = AMILO-EDDY | Source = ESENT | ID = 470
Description = Catalog Database (1272) Datenbank C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032.
Error - 03.09.2010 18:01:24 | Computer Name = AMILO-EDDY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.09.2010 05:03:48 | Computer Name = AMILO-EDDY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.09.2010 13:32:35 | Computer Name = AMILO-EDDY | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung EXCEL.EXE, Version 10.0.2614.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.09.2010 13:38:45 | Computer Name = AMILO-EDDY | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MSTMON_S.EXE, Version 1.3.701.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.09.2010 16:08:11 | Computer Name = AMILO-EDDY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 8.1.0.137, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x24001f55.
Error - 06.09.2010 01:04:55 | Computer Name = AMILO-EDDY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung itunes.exe, Version 8.2.1.6, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 06.09.2010 13:44:27 | Computer Name = AMILO-EDDY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 8.1.0.137, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x24001f55.
Error - 07.09.2010 14:17:10 | Computer Name = AMILO-EDDY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 07.09.2010 14:26:14 | Computer Name = AMILO-EDDY | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application vantagepoint lite.exe, version 1.0.0.0, stamp
4bf660af, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7,
debug? 0, fault address 0x00097dda.
[ System Events ]
Error - 05.09.2010 13:31:32 | Computer Name = AMILO-EDDY | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter bf8548ac,
3. Parameter 9c716ae4, 4. Parameter 00000000.
Error - 05.09.2010 13:34:12 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
Error - 05.09.2010 13:38:09 | Computer Name = AMILO-EDDY | Source = Service Control Manager | ID = 7034
Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 05.09.2010 13:38:20 | Computer Name = AMILO-EDDY | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 05.09.2010 13:38:29 | Computer Name = AMILO-EDDY | Source = Service Control Manager | ID = 7034
Description = Dienst "FLEXnet Licensing Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 05.09.2010 13:46:35 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
Error - 06.09.2010 01:03:45 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
Error - 06.09.2010 13:02:49 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
Error - 07.09.2010 14:17:21 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
Error - 07.09.2010 14:24:00 | Computer Name = AMILO-EDDY | Source = ati2mtag | ID = 52233
Description = CPLIB :: General - Failed to authenticate output protection
< End of report >
Nun hoffe ich, dass Ihr mir weiter helfen könnt. Danke im Vorraus, Christian |
| Themen zu BDS/Papras.PK [backdoor] in C:\WINDOWS\system32\lprdump.dll |
| 0x00000001, adobe after effects, antivir, avgntflt.sys, avira, backdoor, bho, bonjour, components, desktop, error, excel, excel.exe, extras.txt, failed, fehlercode 1, fehlercode 10, flash player, google, hdaudio.sys, helper, home, homepage, iastor.sys, indesign, keine funde, location, logfile, object, oldtimer, otl logfile, otl.exe, otl.txt, plug-in, programm, realtek, saver, sched.exe, security, server, service pack 1, shell32.dll, software, static, system, system error, total commander, tunnel, virus, windows, windows internet, windows internet explorer |
![BDS/Papras.PK [backdoor] in C:\WINDOWS\system32\lprdump.dll](iconimages/plagegeister-aller-art-deren-bekaempfung/bds-papras-pk-backdoor-c-windows-system32-lprdump-dll_ltr.gif)
Baum-Darstellung