Log analysis and evaluation: Backdoor program BDS/Papras.PK (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Backdoor program BDS/Papras.PK

Hello! For two days I have had the following problem: when the PC starts and when I open various programs (Firefox, volume control, ...), Avira Guard reports the backdoor program BDS/Papras.PK. I ran the scans as described in the guide; attached is first the Malwarebytes log, followed by the two files from OTL. Many thanks in advance for your help!

```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.09.2010 19:12:37
mbam-log-2010-09-08 (19-12-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133204
Laufzeit: 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\evenconv (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> No action taken.
```

OTL.txt:
```
OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *** Current User Name: *** Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]

[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater] File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

< End of report >
```
OTL Extras logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PE-PC
Current User Name: Pe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error.
File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E6D16E-BA14-4C00-A51F-D69CC1282D00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0CA12054-255B-4675-855C-B8ADB118ED28}" = rport=445 | protocol=6 | dir=out | app=system | "{11E5174A-5A0D-4BD1-9BC9-E826DA6C0478}" = lport=2869 | protocol=6 | dir=in | app=system | "{125B846F-2101-4A50-8F26-37A3479FB677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3A6096E3-2922-4AE0-883D-6642A9A03A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system | "{6D71E92E-DABA-4DC4-83D2-8719CDE08AA0}" = rport=139 | protocol=6 | dir=out | app=system | "{70750F3B-3448-48B1-9DB9-B0ED70B2C4D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78FD3E14-2362-4D4C-AEE4-74673F6CC815}" = lport=138 | protocol=17 | dir=in | app=system | "{9FDC462D-7DB6-4E5C-B53C-8F193CB5D2C8}" = rport=138 | protocol=17 | dir=out | app=system | "{A0FD3061-C609-4F00-B7FB-A371F31E28B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 | "{A9A80D5C-8EE4-44A1-A999-C0BAB3A341DA}" = 
lport=10243 | protocol=6 | dir=in | app=system | "{B09B0B89-8C7E-4D9C-9529-603F85994157}" = lport=137 | protocol=17 | dir=in | app=system | "{B8F8E66C-5684-4567-AD38-39AEC6674B31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC71539D-F06F-486B-8E42-90C3C15059F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C6411E97-379E-4756-B6D4-A3E6BD0D9698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC5B2DBC-C5FE-4950-A2C3-0AB7968B4B85}" = rport=10243 | protocol=6 | dir=out | app=system | "{EC078192-AC23-478B-9A00-D6ADA5BD8818}" = rport=137 | protocol=17 | dir=out | app=system | "{F173E37D-9EE0-49F1-A997-CE32016F6341}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15FB0F2E-936B-48F4-A2F8-93F0179509C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2E199D53-1461-443A-B546-91A82B9C1CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{368E942A-37BA-4582-BA5B-4A8FBA467FDE}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\klrun.exe | "{3A8BC496-8162-497A-A275-02024ED27205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B1CBA3B-FE39-48A2-BF6C-20A4A13A0B78}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | "{3EC0C517-3D3D-4541-9669-E6F808FF5707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{43B1097B-D18B-4276-A417-A2F8A19557DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4A906F26-EB50-4FE3-8E31-69F28A139D61}" = protocol=6 | dir=out | app=system | 
"{4F486D76-D356-4F96-A913-142F15D57F07}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{52B515D4-9CEA-4411-9748-775A416C667A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{5909977D-D3E6-4757-BC9A-468D87D1E502}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{603044B3-1FDB-481D-9181-E4A20C626BDA}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kanat.exe | "{6334E7D3-B87D-44C8-8601-CF85BAFEEEAB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{6AFC7A70-529B-4C1B-AF41-2D4139804A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8729FC4A-35FE-4AF7-9E88-52E41D5ACAE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{880B326B-CC8E-46B0-81C7-7866FD4A8B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8859E349-94BA-4055-9B08-8611EBD95AD2}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kanat.exe | "{8B55DE3D-5167-4204-BF33-2D1B9E0EEC97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E996FC1-0807-498D-B79B-3565D1DA3B79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{8F7B47CB-7C00-4264-AC67-60352D7CB4BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{91346376-126B-4BAE-A4E3-C6F7EFA07B47}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\klrun.exe | "{954944CA-1977-4D96-97CC-836E3738AED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9639EE0A-9A61-4617-8BB9-0CAAF62D6E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9AC72E4F-F21C-4341-9239-D3ACD1C35C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A2B9C0CB-A8C8-42A0-8FEF-2A6C734DC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A4366EBB-FE8D-4B07-9A4B-6F4F6CBDE7CB}" = 
protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A6FAFD37-A377-43FE-A3B6-C3F65E7AAE82}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | "{C3311FD0-C555-499B-8680-DF889C89261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBFEFBA7-C830-4FB7-A514-F60DC01C5D80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{41F4B18F-58A2-40E5-BAF7-F6BFE1B06BB6}C:\program files\jeak.de\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | "TCP Query User{42853F57-1022-4984-A8FB-3FAC8F0E15C0}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | "TCP Query User{575A1AAF-BBD9-42D3-87B6-8B890CA61805}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{DC0CBDAF-07D0-4449-A9ED-EBA64F74F6D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{EE82756B-D1C6-42FB-A393-449567705CAD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{470D66E6-F54C-4082-8C2C-134929FE0F52}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{836E3972-E9D2-41B0-B5FA-81C346037D41}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{BECD820D-1EB2-48CE-AFC0-43DF9FD61037}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{CF010F13-C495-4792-A9A4-0B5CE19D2339}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | "UDP Query User{F8F120C4-CE7A-4504-901D-51DCCF221648}C:\program files\jeak.de\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1 "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support 
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash 
Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ASIO4ALL" = ASIO4ALL "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BAE V7.2" = BAE V7.2 "Bolzplatz 2006_is1" = Bolzplatz 2006, v1.0.3 "CCleaner" = CCleaner "Collab" = Collab "EroBottle" = EroBottle 4.6 "FL Studio 8" = FL Studio 8 "Flatcast_is1" = Flatcast 5.0 "foobar2000" = foobar2000 v0.9.5.6 "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "ImgBurn" = ImgBurn "LastFM_is1" = Last.fm 1.5.4.24567 "LM98Free 2.2a_is1" = LM98Free 2.2a "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatheGrafix 8_is1" = MatheGrafix Version 8 (build 03) "MediaJoin" = MediaJoin "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Mixxx" = Mixxx "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE "Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3 "NI Service Center" = NI Service Center "NVIDIA Drivers" = NVIDIA Drivers "oggcodecs" = FLAC codecs "OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit) "PoiZone" = PoiZone "PSpice Student" = PSpice Student 9.1 "Rainbow Sentinel Driver" = Sentinel System Driver "SMSERIAL" = Motorola SM56 Speakerphone Modem "Solve Elec_is1" = Solve Elec 2.5 "TurboPlot_is1" = TurboPlot v3.7a "USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam "uTorrent" = µTorrent "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.5 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List 
========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EroBottle-Extensions-Editor Vers. 1.5" = EroBottle-Extensions-Editor Vers. 1.5 "QIP Infium" = QIP Infium 2.0.9034 "QipGuard" = QIP Internet Guardian ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.01.2010 08:24:48 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 888 Anfangszeit: 01ca976fdd0b976d Zeitpunkt der Beendigung: 18 Error - 17.01.2010 08:33:01 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 17.01.2010 14:22:37 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 19.01.2010 11:14:47 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung VCExpress.exe, Version 9.0.30729.1, Zeitstempel 0x488f1715, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4574fe0c, Ausnahmecode 0xc0000005, Fehleroffset 0x0be74680, Prozess-ID 0x2c0, Anwendungsstartzeit 01ca99076ed4c427. Error - 19.01.2010 19:04:20 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel 0x4aa91411, fehlerhaftes Modul flvDX.dll, Version 1.0.0.1, Zeitstempel 0x445872ae, Ausnahmecode 0xc000000d, Fehleroffset 0x00025ed0, Prozess-ID 0x238, Anwendungsstartzeit 01ca99599ff4df71. Error - 21.01.2010 15:09:29 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 24.01.2010 08:25:37 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: fd4 Anfangszeit: 01ca9cefbe005834 Zeitpunkt der Beendigung: 24 Error - 24.01.2010 08:25:59 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: cec Anfangszeit: 01ca9cf0566d5734 Zeitpunkt der Beendigung: 29 Error - 24.01.2010 09:34:19 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: f00 Anfangszeit: 01ca9cf064759094 Zeitpunkt der Beendigung: 21 Error - 27.01.2010 08:33:58 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67, Prozess-ID 0x9fc, Anwendungsstartzeit 01ca9f4c519381af. [ System Events ] Error - 07.09.2010 15:08:43 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 11:59:15 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 12:47:04 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 13:14:20 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >