Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Backdooprogramm BDS/Papras.PK

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 08.09.2010, 18:42   #1
shawn77
 
Backdooprogramm BDS/Papras.PK - Standard

Backdooprogramm BDS/Papras.PK



Hallo!

Ich habe seit 2 Tagen folgendes Problem:
Beim Start des PCs sowie beim Öffnen verschiedener Programme (Firefox, Läutstärkeregelung, ...) meldet mir der Avira Guard das Backdooprogramm BDS/Papras.PK.

Ich habe nach Anleitung mal die Scans durchgeführt, anbei also zu erst die Logdatei von Malwarebyte, danach die beiden Dateien von OTL.

Vielen Dank schonmal im Vorraus für eure Hilfe!


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.09.2010 19:12:37
mbam-log-2010-09-08 (19-12-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133204
Laufzeit: 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\evenconv (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> No action taken.
         

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >
\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PE-PC
Current User Name: Pe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E6D16E-BA14-4C00-A51F-D69CC1282D00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA12054-255B-4675-855C-B8ADB118ED28}" = rport=445 | protocol=6 | dir=out | app=system | 
"{11E5174A-5A0D-4BD1-9BC9-E826DA6C0478}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{125B846F-2101-4A50-8F26-37A3479FB677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3A6096E3-2922-4AE0-883D-6642A9A03A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6D71E92E-DABA-4DC4-83D2-8719CDE08AA0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70750F3B-3448-48B1-9DB9-B0ED70B2C4D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78FD3E14-2362-4D4C-AEE4-74673F6CC815}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9FDC462D-7DB6-4E5C-B53C-8F193CB5D2C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A0FD3061-C609-4F00-B7FB-A371F31E28B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 | 
"{A9A80D5C-8EE4-44A1-A999-C0BAB3A341DA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B09B0B89-8C7E-4D9C-9529-603F85994157}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B8F8E66C-5684-4567-AD38-39AEC6674B31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC71539D-F06F-486B-8E42-90C3C15059F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6411E97-379E-4756-B6D4-A3E6BD0D9698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC5B2DBC-C5FE-4950-A2C3-0AB7968B4B85}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC078192-AC23-478B-9A00-D6ADA5BD8818}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F173E37D-9EE0-49F1-A997-CE32016F6341}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FB0F2E-936B-48F4-A2F8-93F0179509C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E199D53-1461-443A-B546-91A82B9C1CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{368E942A-37BA-4582-BA5B-4A8FBA467FDE}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\klrun.exe | 
"{3A8BC496-8162-497A-A275-02024ED27205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B1CBA3B-FE39-48A2-BF6C-20A4A13A0B78}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | 
"{3EC0C517-3D3D-4541-9669-E6F808FF5707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43B1097B-D18B-4276-A417-A2F8A19557DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A906F26-EB50-4FE3-8E31-69F28A139D61}" = protocol=6 | dir=out | app=system | 
"{4F486D76-D356-4F96-A913-142F15D57F07}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{52B515D4-9CEA-4411-9748-775A416C667A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5909977D-D3E6-4757-BC9A-468D87D1E502}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{603044B3-1FDB-481D-9181-E4A20C626BDA}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kanat.exe | 
"{6334E7D3-B87D-44C8-8601-CF85BAFEEEAB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6AFC7A70-529B-4C1B-AF41-2D4139804A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8729FC4A-35FE-4AF7-9E88-52E41D5ACAE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{880B326B-CC8E-46B0-81C7-7866FD4A8B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8859E349-94BA-4055-9B08-8611EBD95AD2}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kanat.exe | 
"{8B55DE3D-5167-4204-BF33-2D1B9E0EEC97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E996FC1-0807-498D-B79B-3565D1DA3B79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8F7B47CB-7C00-4264-AC67-60352D7CB4BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91346376-126B-4BAE-A4E3-C6F7EFA07B47}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\klrun.exe | 
"{954944CA-1977-4D96-97CC-836E3738AED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9639EE0A-9A61-4617-8BB9-0CAAF62D6E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AC72E4F-F21C-4341-9239-D3ACD1C35C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A2B9C0CB-A8C8-42A0-8FEF-2A6C734DC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4366EBB-FE8D-4B07-9A4B-6F4F6CBDE7CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A6FAFD37-A377-43FE-A3B6-C3F65E7AAE82}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | 
"{C3311FD0-C555-499B-8680-DF889C89261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBFEFBA7-C830-4FB7-A514-F60DC01C5D80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{41F4B18F-58A2-40E5-BAF7-F6BFE1B06BB6}C:\program files\jeak.de\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | 
"TCP Query User{42853F57-1022-4984-A8FB-3FAC8F0E15C0}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"TCP Query User{575A1AAF-BBD9-42D3-87B6-8B890CA61805}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DC0CBDAF-07D0-4449-A9ED-EBA64F74F6D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EE82756B-D1C6-42FB-A393-449567705CAD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{470D66E6-F54C-4082-8C2C-134929FE0F52}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{836E3972-E9D2-41B0-B5FA-81C346037D41}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BECD820D-1EB2-48CE-AFC0-43DF9FD61037}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{CF010F13-C495-4792-A9A4-0B5CE19D2339}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"UDP Query User{F8F120C4-CE7A-4504-901D-51DCCF221648}C:\program files\jeak.de\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BAE V7.2" = BAE V7.2
"Bolzplatz 2006_is1" = Bolzplatz 2006, v1.0.3
"CCleaner" = CCleaner
"Collab" = Collab
"EroBottle" = EroBottle 4.6 
"FL Studio 8" = FL Studio 8
"Flatcast_is1" = Flatcast 5.0
"foobar2000" = foobar2000 v0.9.5.6
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.24567
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatheGrafix 8_is1" = MatheGrafix Version 8 (build 03)
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mixxx" = Mixxx
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NI Service Center" = NI Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = FLAC codecs
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)
"PoiZone" = PoiZone
"PSpice Student" = PSpice Student 9.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Solve Elec_is1" = Solve Elec 2.5
"TurboPlot_is1" = TurboPlot v3.7a
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EroBottle-Extensions-Editor Vers. 1.5" = EroBottle-Extensions-Editor Vers. 1.5
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2010 08:24:48 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 888  Anfangszeit: 01ca976fdd0b976d  Zeitpunkt der Beendigung:
 18
 
Error - 17.01.2010 08:33:01 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 17.01.2010 14:22:37 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 19.01.2010 11:14:47 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VCExpress.exe, Version 9.0.30729.1, Zeitstempel
 0x488f1715, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4574fe0c, Ausnahmecode 0xc0000005, Fehleroffset 0x0be74680,  Prozess-ID 0x2c0, 
Anwendungsstartzeit 01ca99076ed4c427.
 
Error - 19.01.2010 19:04:20 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
 0x4aa91411, fehlerhaftes Modul flvDX.dll, Version 1.0.0.1, Zeitstempel 0x445872ae,
 Ausnahmecode 0xc000000d, Fehleroffset 0x00025ed0,  Prozess-ID 0x238, Anwendungsstartzeit
 01ca99599ff4df71.
 
Error - 21.01.2010 15:09:29 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 24.01.2010 08:25:37 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fd4  Anfangszeit: 01ca9cefbe005834  Zeitpunkt der Beendigung:
 24
 
Error - 24.01.2010 08:25:59 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: cec  Anfangszeit: 01ca9cf0566d5734  Zeitpunkt der Beendigung:
 29
 
Error - 24.01.2010 09:34:19 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f00  Anfangszeit: 01ca9cf064759094  Zeitpunkt der Beendigung:
 21
 
Error - 27.01.2010 08:33:58 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67,  Prozess-ID 0x9fc, 
Anwendungsstartzeit 01ca9f4c519381af.
 
[ System Events ]
Error - 07.09.2010 15:08:43 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 11:59:15 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 12:47:04 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.09.2010 13:14:20 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

 

Themen zu Backdooprogramm BDS/Papras.PK
32-bit, autorun, avgntflt.sys, avira, avira guard, bho, bonjour, cdburnerxp, components, corp./icp, desktop, error, excel, excel.exe, firefox, firefox.exe, flash player, fontcache, helper, hijack.exefile, home, home premium, install.exe, installation, local\temp, location, logfile, mozilla, nvlddmkm.sys, nvstor.sys, object, oldtimer, otl logfile, otl.exe, plug-in, popup, problem, programdata, realtek, registry, saver, sched.exe, searchplugins, security, shell32.dll, software, sptd.sys, studio, svchost.exe, symantec, torrent.exe, trojan.agent.u, vista, visual studio, vlc media player




Ähnliche Themen: Backdooprogramm BDS/Papras.PK


  1. BDS/Papras.VZ
    Log-Analyse und Auswertung - 23.08.2011 (1)
  2. problem mit BDS/Papras.AB
    Plagegeister aller Art und deren Bekämpfung - 29.01.2011 (28)
  3. Backdoorprogramm BDS/Papras.VZ
    Plagegeister aller Art und deren Bekämpfung - 05.11.2010 (12)
  4. BDS/Papras.OG
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (11)
  5. gefährliches Backdooprogramm BDS/Papras.PK
    Log-Analyse und Auswertung - 03.10.2010 (22)
  6. BDS/Papras.PR Eingefangen (Backdoor)
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (1)
  7. Win32.Backdoor.Papras/A
    Plagegeister aller Art und deren Bekämpfung - 16.09.2010 (25)
  8. TR/PSW.Papras.AB
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (9)
  9. Tr/psw papras ab
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (14)
  10. TR/PSW.Papras.AB -#2
    Plagegeister aller Art und deren Bekämpfung - 28.07.2010 (2)
  11. BDS.Papras.JX
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (17)
  12. BDS/Papras.KN in cmdnfig.dll
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (9)
  13. Backdoorprogramm BDS/Papras.JE
    Log-Analyse und Auswertung - 10.07.2010 (5)
  14. BDS/Papras.jx
    Log-Analyse und Auswertung - 08.07.2010 (1)
  15. BDS/Papras.JF [backdoor]
    Plagegeister aller Art und deren Bekämpfung - 30.06.2010 (3)
  16. BDS/Papras.HE entfernen
    Log-Analyse und Auswertung - 13.06.2010 (1)
  17. BDS/Papras.GX
    Log-Analyse und Auswertung - 13.06.2010 (1)

Zum Thema Backdooprogramm BDS/Papras.PK - Hallo! Ich habe seit 2 Tagen folgendes Problem: Beim Start des PCs sowie beim Öffnen verschiedener Programme (Firefox, Läutstärkeregelung, ...) meldet mir der Avira Guard das Backdooprogramm BDS/Papras.PK. Ich habe - Backdooprogramm BDS/Papras.PK...
Archiv
Du betrachtest: Backdooprogramm BDS/Papras.PK auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.