| |
| |||||||
Log-Analyse und Auswertung: Backdooprogramm BDS/Papras.PKWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.09.2010, 18:42
| #1 |
 |  Backdooprogramm BDS/Papras.PK Hallo! Ich habe seit 2 Tagen folgendes Problem: Beim Start des PCs sowie beim Öffnen verschiedener Programme (Firefox, Läutstärkeregelung, ...) meldet mir der Avira Guard das Backdooprogramm BDS/Papras.PK. Ich habe nach Anleitung mal die Scans durchgeführt, anbei also zu erst die Logdatei von Malwarebyte, danach die beiden Dateien von OTL. Vielen Dank schonmal im Vorraus für eure Hilfe! Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4572
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
08.09.2010 19:12:37
mbam-log-2010-09-08 (19-12-37).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133204
Laufzeit: 9 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\evenconv (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> No action taken.
OTL.txt: Code:
ATTFilter OTL logfile created on: 08.09.2010 19:27:25 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS) PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0 FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "143.93.243.1" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "143.93.243.1" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "143.93.243.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "143.93.243.1" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "143.93.243.1" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M] [2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions [2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com [2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com [2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael [2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml [2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll [2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Driver Updater] File not found O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite [2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite [2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit [2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit [2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide [2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay [2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job [2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls [2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc [2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp [2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT [2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp [2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls [2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc [2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp [2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp [2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat [2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs [2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini [2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll [2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll [2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll [2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll [2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll [2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll [2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll [2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll [2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll [2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs [2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll [2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll [2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll [2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.09.2010 19:27:25 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\OTL logfile created on: 08.09.2010 19:27:25 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS) PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0 FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "143.93.243.1" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "143.93.243.1" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "143.93.243.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "143.93.243.1" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "143.93.243.1" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M] [2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions [2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com [2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com [2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael [2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml [2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll [2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Driver Updater] File not found O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite [2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite [2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit [2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit [2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide [2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay [2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job [2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls [2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc [2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp [2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT [2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp [2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls [2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc [2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp [2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp [2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat [2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs [2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini [2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll [2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll [2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll [2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll [2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll [2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll [2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll [2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll [2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll [2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs [2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll [2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll [2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll [2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll < End of report > \Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PE-PC Current User Name: Pe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E6D16E-BA14-4C00-A51F-D69CC1282D00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0CA12054-255B-4675-855C-B8ADB118ED28}" = rport=445 | protocol=6 | dir=out | app=system | "{11E5174A-5A0D-4BD1-9BC9-E826DA6C0478}" = lport=2869 | protocol=6 | dir=in | app=system | "{125B846F-2101-4A50-8F26-37A3479FB677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3A6096E3-2922-4AE0-883D-6642A9A03A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system | "{6D71E92E-DABA-4DC4-83D2-8719CDE08AA0}" = rport=139 | protocol=6 | dir=out | app=system | "{70750F3B-3448-48B1-9DB9-B0ED70B2C4D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78FD3E14-2362-4D4C-AEE4-74673F6CC815}" = lport=138 | protocol=17 | dir=in | app=system | "{9FDC462D-7DB6-4E5C-B53C-8F193CB5D2C8}" = rport=138 | protocol=17 | dir=out | app=system | "{A0FD3061-C609-4F00-B7FB-A371F31E28B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 | "{A9A80D5C-8EE4-44A1-A999-C0BAB3A341DA}" = lport=10243 | protocol=6 | dir=in | app=system | "{B09B0B89-8C7E-4D9C-9529-603F85994157}" = lport=137 | protocol=17 | dir=in | app=system | "{B8F8E66C-5684-4567-AD38-39AEC6674B31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC71539D-F06F-486B-8E42-90C3C15059F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C6411E97-379E-4756-B6D4-A3E6BD0D9698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC5B2DBC-C5FE-4950-A2C3-0AB7968B4B85}" = rport=10243 | protocol=6 | dir=out | app=system | "{EC078192-AC23-478B-9A00-D6ADA5BD8818}" = rport=137 | protocol=17 | dir=out | app=system | "{F173E37D-9EE0-49F1-A997-CE32016F6341}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15FB0F2E-936B-48F4-A2F8-93F0179509C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2E199D53-1461-443A-B546-91A82B9C1CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{368E942A-37BA-4582-BA5B-4A8FBA467FDE}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\klrun.exe | "{3A8BC496-8162-497A-A275-02024ED27205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B1CBA3B-FE39-48A2-BF6C-20A4A13A0B78}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | "{3EC0C517-3D3D-4541-9669-E6F808FF5707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{43B1097B-D18B-4276-A417-A2F8A19557DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4A906F26-EB50-4FE3-8E31-69F28A139D61}" = protocol=6 | dir=out | app=system | "{4F486D76-D356-4F96-A913-142F15D57F07}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{52B515D4-9CEA-4411-9748-775A416C667A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{5909977D-D3E6-4757-BC9A-468D87D1E502}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{603044B3-1FDB-481D-9181-E4A20C626BDA}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kanat.exe | "{6334E7D3-B87D-44C8-8601-CF85BAFEEEAB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{6AFC7A70-529B-4C1B-AF41-2D4139804A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8729FC4A-35FE-4AF7-9E88-52E41D5ACAE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{880B326B-CC8E-46B0-81C7-7866FD4A8B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8859E349-94BA-4055-9B08-8611EBD95AD2}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kanat.exe | "{8B55DE3D-5167-4204-BF33-2D1B9E0EEC97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E996FC1-0807-498D-B79B-3565D1DA3B79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{8F7B47CB-7C00-4264-AC67-60352D7CB4BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{91346376-126B-4BAE-A4E3-C6F7EFA07B47}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\klrun.exe | "{954944CA-1977-4D96-97CC-836E3738AED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9639EE0A-9A61-4617-8BB9-0CAAF62D6E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9AC72E4F-F21C-4341-9239-D3ACD1C35C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A2B9C0CB-A8C8-42A0-8FEF-2A6C734DC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A4366EBB-FE8D-4B07-9A4B-6F4F6CBDE7CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A6FAFD37-A377-43FE-A3B6-C3F65E7AAE82}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe | "{C3311FD0-C555-499B-8680-DF889C89261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBFEFBA7-C830-4FB7-A514-F60DC01C5D80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{41F4B18F-58A2-40E5-BAF7-F6BFE1B06BB6}C:\program files\jeak.de\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | "TCP Query User{42853F57-1022-4984-A8FB-3FAC8F0E15C0}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | "TCP Query User{575A1AAF-BBD9-42D3-87B6-8B890CA61805}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{DC0CBDAF-07D0-4449-A9ED-EBA64F74F6D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{EE82756B-D1C6-42FB-A393-449567705CAD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{470D66E6-F54C-4082-8C2C-134929FE0F52}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{836E3972-E9D2-41B0-B5FA-81C346037D41}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{BECD820D-1EB2-48CE-AFC0-43DF9FD61037}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{CF010F13-C495-4792-A9A4-0B5CE19D2339}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | "UDP Query User{F8F120C4-CE7A-4504-901D-51DCCF221648}C:\program files\jeak.de\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1 "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ASIO4ALL" = ASIO4ALL "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BAE V7.2" = BAE V7.2 "Bolzplatz 2006_is1" = Bolzplatz 2006, v1.0.3 "CCleaner" = CCleaner "Collab" = Collab "EroBottle" = EroBottle 4.6 "FL Studio 8" = FL Studio 8 "Flatcast_is1" = Flatcast 5.0 "foobar2000" = foobar2000 v0.9.5.6 "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "ImgBurn" = ImgBurn "LastFM_is1" = Last.fm 1.5.4.24567 "LM98Free 2.2a_is1" = LM98Free 2.2a "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatheGrafix 8_is1" = MatheGrafix Version 8 (build 03) "MediaJoin" = MediaJoin "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Mixxx" = Mixxx "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE "Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3 "NI Service Center" = NI Service Center "NVIDIA Drivers" = NVIDIA Drivers "oggcodecs" = FLAC codecs "OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit) "PoiZone" = PoiZone "PSpice Student" = PSpice Student 9.1 "Rainbow Sentinel Driver" = Sentinel System Driver "SMSERIAL" = Motorola SM56 Speakerphone Modem "Solve Elec_is1" = Solve Elec 2.5 "TurboPlot_is1" = TurboPlot v3.7a "USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam "uTorrent" = µTorrent "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.5 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EroBottle-Extensions-Editor Vers. 1.5" = EroBottle-Extensions-Editor Vers. 1.5 "QIP Infium" = QIP Infium 2.0.9034 "QipGuard" = QIP Internet Guardian ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.01.2010 08:24:48 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 888 Anfangszeit: 01ca976fdd0b976d Zeitpunkt der Beendigung: 18 Error - 17.01.2010 08:33:01 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 17.01.2010 14:22:37 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 19.01.2010 11:14:47 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung VCExpress.exe, Version 9.0.30729.1, Zeitstempel 0x488f1715, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4574fe0c, Ausnahmecode 0xc0000005, Fehleroffset 0x0be74680, Prozess-ID 0x2c0, Anwendungsstartzeit 01ca99076ed4c427. Error - 19.01.2010 19:04:20 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel 0x4aa91411, fehlerhaftes Modul flvDX.dll, Version 1.0.0.1, Zeitstempel 0x445872ae, Ausnahmecode 0xc000000d, Fehleroffset 0x00025ed0, Prozess-ID 0x238, Anwendungsstartzeit 01ca99599ff4df71. Error - 21.01.2010 15:09:29 | Computer Name = Pe-PC | Source = RasClient | ID = 20227 Description = Error - 24.01.2010 08:25:37 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: fd4 Anfangszeit: 01ca9cefbe005834 Zeitpunkt der Beendigung: 24 Error - 24.01.2010 08:25:59 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: cec Anfangszeit: 01ca9cf0566d5734 Zeitpunkt der Beendigung: 29 Error - 24.01.2010 09:34:19 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: f00 Anfangszeit: 01ca9cf064759094 Zeitpunkt der Beendigung: 21 Error - 27.01.2010 08:33:58 | Computer Name = Pe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67, Prozess-ID 0x9fc, Anwendungsstartzeit 01ca9f4c519381af. [ System Events ] Error - 07.09.2010 15:08:43 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 11:59:15 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 12:47:04 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 08.09.2010 13:14:20 | Computer Name = Pe-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
|
08.09.2010, 21:16
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Backdooprogramm BDS/Papras.PKZitat:
Aus den Regeln: 5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe) Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________ |
|
08.09.2010, 22:03
| #3 |
| | Backdooprogramm BDS/Papras.PK Okay, sorry.
__________________Also, AntiVir gibt folgendes aus: "In der Datei 'C:\Users\***\AppData\Local\Temp\DRWAanel.dll' wurde ein Virus oder unerwünschtes Programm 'BDS/Papras.PK' [backdoor] gefunden." Zusätzlich erscheint seit kurzem beim Starten des PCs eine Fehlermeldung, dass eben jene Datei (DRWAAnel.dll) nicht gefunden wurde! |
|
08.09.2010, 22:04
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdooprogramm BDS/Papras.PK Bitte routinemäßig erstmal einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.09.2010, 00:15
| #5 |
| | Backdooprogramm BDS/Papras.PK Okay, hier also die Log vom Vollscan mit Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4573
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
09.09.2010 01:04:06
mbam-log-2010-09-09 (01-04-06).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 279656
Laufzeit: 1 Stunde(n), 50 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\masm32\examples\dialogs\calender\calender.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\masm32\examples\dialogs\tests\tests.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\masm32\examples\exampl05\qeplugin\qeplugin.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\masm32\examples\exampl06\regdemo\regdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\masm32\tools\makecimp\vcrtdemo\vcrtdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\masm32\tutorial\dlltute\dll\dlltute.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
|
|
09.09.2010, 11:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdooprogramm BDS/Papras.PK Dann brauch ich jetzt ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Backdooprogramm BDS/Papras.PK |
|
09.09.2010, 12:22
| #7 |
| | Backdooprogramm BDS/Papras.PK Also die OTL.txt hab ich, aber wenn ich diesen Scan durchführe, spuckt mir das Programm keine Extras.txt aus? Hier ist die OTL.txt: Code:
ATTFilter OTL logfile created on: 09.09.2010 13:06:20 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 104,95 Gb Total Space | 0,63 Gb Free Space | 0,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PE-PC Current User Name: Pe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Pe\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS) PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\Pe\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation) MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation) MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MSDTC) -- File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (cpuz129) -- C:\Users\Pe\AppData\Local\Temp\cpuz_x32.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0 FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "143.93.243.1" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "143.93.243.1" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "143.93.243.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "143.93.243.1" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "143.93.243.1" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 12:28:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 12:28:34 | 000,000,000 | ---D | M] [2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Extensions [2010.09.08 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions [2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com [2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com [2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael [2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml [2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll [2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Driver Updater] File not found O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 90 Days ========== [2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite [2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite [2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit [2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit [2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide [2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay [2010.08.08 01:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Pe\AppData\Roaming\lowsec [2010.08.04 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\Apple Computer [2010.08.04 20:23:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.08.04 20:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.04 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.08.04 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.07.28 03:36:06 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\frisur surfer [2010.06.26 01:44:16 | 000,000,000 | ---D | C] -- C:\cd17054bb999cd88b41da75ac871 [2010.06.18 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.09.09 13:06:13 | 003,407,872 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT [2010.09.09 12:43:07 | 000,012,884 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\nvModes.001 [2010.09.09 12:26:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.09 12:26:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.09 12:26:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.09 12:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.09 12:25:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2010.09.09 01:17:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.09 01:17:38 | 000,065,536 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.09 01:17:37 | 000,524,288 | -HS- | M] () -- C:\Users\Pe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.09 01:17:13 | 000,985,706 | -H-- | M] () -- C:\Users\Pe\AppData\Local\IconCache.db [2010.09.08 22:57:02 | 000,012,884 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\nvModes.dat [2010.09.08 20:44:52 | 000,131,746 | ---- | M] () -- C:\Users\Pe\Desktop\gde2_klausur_s2009_mit_lsg.pdf [2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job [2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\Pe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\Pe\Desktop\Aufgaben Barentin.xls [2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\Pe\Desktop\Artikel DJK Andernach - RC Barentin.doc [2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\Pe\Documents\jeah.axp [2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\GDIPFONTCACHEV1.DAT [2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\Pe\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\Pe\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\Pe\Documents\eah.axp [2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.05 14:27:36 | 000,018,680 | ---- | M] () -- C:\Users\Pe\Documents\pardy.dxp [2010.08.03 23:31:32 | 000,007,298 | ---- | M] () -- C:\Users\Pe\Desktop\Mannschaftskader.zip [2010.07.31 19:20:14 | 000,001,683 | ---- | M] () -- C:\Users\Pe\Documents\28day.axp [2010.07.31 19:17:37 | 007,941,872 | ---- | M] () -- C:\Users\Pe\Tricky - Black Steel.mp3 [2010.07.25 19:53:31 | 000,954,254 | ---- | M] () -- C:\Users\Pe\Desktop\was_ist_rugby.pdf [2010.07.23 01:52:02 | 000,003,338 | ---- | M] () -- C:\Users\Pe\Documents\cd.axp [2010.07.19 21:36:29 | 000,013,824 | ---- | M] () -- C:\Users\Pe\Documents\mathe2.xls [2010.07.17 07:35:05 | 000,210,705 | ---- | M] () -- C:\Users\Pe\Desktop\Beschluss EinEuroParty-1.pdf [2010.07.12 02:04:14 | 000,207,360 | ---- | M] () -- C:\Users\Pe\Documents\WM 2010 Spielplan.xls [2010.07.07 11:39:49 | 000,012,474 | ---- | M] () -- C:\Users\Pe\Documents\wichsa.dxp [2010.06.14 20:58:29 | 019,243,053 | ---- | M] () -- C:\Users\Pe\Desktop\Titanic_2000_August_Web.pdf [2010.06.12 11:53:43 | 000,019,817 | ---- | M] () -- C:\Users\Pe\Documents\_40824317_rugby5.jpg [1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.08 20:44:52 | 000,131,746 | ---- | C] () -- C:\Users\Pe\Desktop\gde2_klausur_s2009_mit_lsg.pdf [2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\Pe\Desktop\Aufgaben Barentin.xls [2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\Pe\Desktop\Artikel DJK Andernach - RC Barentin.doc [2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\Pe\Documents\jeah.axp [2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\Pe\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg [2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\Pe\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls [2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\Pe\Documents\eah.axp [2010.08.05 14:27:36 | 000,018,680 | ---- | C] () -- C:\Users\Pe\Documents\pardy.dxp [2010.08.03 23:31:31 | 000,007,298 | ---- | C] () -- C:\Users\Pe\Desktop\Mannschaftskader.zip [2010.07.31 19:20:13 | 000,001,683 | ---- | C] () -- C:\Users\Pe\Documents\28day.axp [2010.07.31 19:17:16 | 007,941,872 | ---- | C] () -- C:\Users\Pe\Tricky - Black Steel.mp3 [2010.07.27 03:39:50 | 000,407,605 | ---- | C] () -- C:\Users\Pe\Desktop\89762-050-F63E94E9.jpg [2010.07.25 19:53:31 | 000,954,254 | ---- | C] () -- C:\Users\Pe\Desktop\was_ist_rugby.pdf [2010.07.23 01:43:38 | 000,003,338 | ---- | C] () -- C:\Users\Pe\Documents\cd.axp [2010.07.19 21:20:40 | 000,013,824 | ---- | C] () -- C:\Users\Pe\Documents\mathe2.xls [2010.07.17 07:35:03 | 000,210,705 | ---- | C] () -- C:\Users\Pe\Desktop\Beschluss EinEuroParty-1.pdf [2010.07.07 11:39:48 | 000,012,474 | ---- | C] () -- C:\Users\Pe\Documents\wichsa.dxp [2010.06.14 20:53:45 | 019,243,053 | ---- | C] () -- C:\Users\Pe\Desktop\Titanic_2000_August_Web.pdf [2010.06.12 11:53:41 | 000,019,817 | ---- | C] () -- C:\Users\Pe\Documents\_40824317_rugby5.jpg [2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\jasltw.dat [2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\Pe\AppData\Local\5720XLfeqCs [2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini [2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll [2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll [2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll [2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll [2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll [2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll [2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll [2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll [2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll [2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll [2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll [2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll [2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\Solve Elec 2.5 Prefs [2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll [2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\Pe\AppData\Local\d3d9caps.dat [2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\Pe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\nvModes.001 [2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\nvModes.dat [2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll [2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll [2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll ========== LOP Check ========== [2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE [2008.10.11 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Canneverbe_Limited [2008.09.21 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\DeepBurner [2010.08.30 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\EB-Edit [2010.09.09 01:13:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\foobar2000 [2010.01.25 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ICQ [2009.09.17 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ImgBurn [2009.11.06 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\IrfanView [2009.08.11 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Kazaa Lite [2010.08.10 03:11:56 | 000,000,000 | -HSD | M] -- C:\Users\Pe\AppData\Roaming\lowsec [2009.10.29 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mathegrafix [2008.10.13 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\OpenOffice.org [2010.01.26 03:46:06 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QIP [2010.03.15 15:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QipGuard [2008.11.08 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Sony [2010.09.06 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\uTorrent [2010.09.09 01:17:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE [2008.09.17 22:39:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Adobe [2008.09.30 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\AdobeUM [2010.08.04 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Apple Computer [2008.10.11 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Canneverbe_Limited [2008.09.21 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\DeepBurner [2010.08.30 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\EB-Edit [2010.09.09 01:13:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\foobar2000 [2010.01.25 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ICQ [2008.09.17 11:27:14 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Identities [2009.09.17 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\ImgBurn [2008.09.17 11:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\InstallShield [2009.11.06 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\IrfanView [2009.08.11 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Kazaa Lite [2010.08.10 03:11:56 | 000,000,000 | -HSD | M] -- C:\Users\Pe\AppData\Roaming\lowsec [2008.09.17 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Macromedia [2010.03.04 01:33:29 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Malwarebytes [2009.10.29 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\mathegrafix [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Media Center Programs [2008.09.25 10:29:17 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Media Player Classic [2010.02.03 20:18:23 | 000,000,000 | --SD | M] -- C:\Users\Pe\AppData\Roaming\Microsoft [2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Mozilla [2008.10.13 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\OpenOffice.org [2010.01.26 03:46:06 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QIP [2010.03.15 15:11:09 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\QipGuard [2010.04.23 12:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Real [2008.11.08 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\Sony [2009.03.23 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\U3 [2010.09.06 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\uTorrent [2010.09.02 01:29:28 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\vlc [2008.09.17 22:47:55 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.03.10 01:03:48 | 000,003,310 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe [2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe [2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe [2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe [2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe [2009.03.10 01:03:48 | 000,001,078 | R--- | M] () -- C:\Users\Pe\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe [2010.04.05 13:51:07 | 001,988,464 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Users\Pe\AppData\Roaming\QIP\Profiles\pe-86\RcvdFiles\Mickey_407351354\disk-defrag-screen-saver-11150.exe [2010.04.05 13:52:47 | 000,475,760 | ---- | M] (Auslogics) -- C:\Users\Pe\AppData\Roaming\QIP\Profiles\pe-86\RcvdFiles\Mickey_407351354\DiskDefrag.exe [2010.03.12 15:20:56 | 000,184,272 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Pe\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Pe\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.09.17 22:15:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.09.17 22:15:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.09.17 22:15:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.01.27 11:21:06 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=37AF8406C1CD1CB4348B335523F0E4DA -- C:\Windows\System32\drivers\nvstor32.sys [2007.01.27 11:21:06 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=37AF8406C1CD1CB4348B335523F0E4DA -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e40327a6\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.09.17 21:48:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.09.17 21:48:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.11.30 17:56:36 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > |
|
09.09.2010, 13:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdooprogramm BDS/Papras.PK Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
SRV - (MSDTC) -- File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
O4 - HKCU..\Run: [Driver Updater] File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2010.06.07 20:38:16 | 000,000,000 | ---D | M] -- C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\Pe\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\Pe\AppData\Roaming\jasltw.dat
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.08 01:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Pe\AppData\Roaming\lowsec
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.09.2010, 21:15
| #9 |
| | Backdooprogramm BDS/Papras.PK So hier: Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named MSDTC was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC deleted successfully.
File File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "hxxp://search.qip.ru/search?from=FF&query=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.gopher
Prefs.js: 0 removed from network.proxy.backup.gopher_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "143.93.243.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "143.93.243.1" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "143.93.243.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "143.93.243.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "143.93.243.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Updater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656d6693-d735-11dd-af09-002215297035}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656d6693-d735-11dd-af09-002215297035}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656d6693-d735-11dd-af09-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656d6693-d735-11dd-af09-002215297035}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\ not found.
File E:\programs\nu2menu\nu2menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84734a14-5364-11de-9a45-002215297035}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84734a14-5364-11de-9a45-002215297035}\ not found.
File E:\HEILER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe not found.
C:\Users\Pe\AppData\Roaming\657669FA57EBB3CBF877A5FB047711CE folder moved successfully.
C:\Users\Pe\AppData\Local\5720XLfeqCs moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\Users\Pe\AppData\Roaming\jasltw.dat moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\Pe\AppData\Roaming\lowsec folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pe
->Temp folder emptied: 12037237 bytes
->Temporary Internet Files folder emptied: 577034 bytes
->Java cache emptied: 20822286 bytes
->FireFox cache emptied: 90557787 bytes
->Flash cache emptied: 76763 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6899619 bytes
RecycleBin emptied: 19105603 bytes
Total Files Cleaned = 143,00 mb
OTL by OldTimer - Version 3.2.11.0 log created on 09092010_220131
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
09.09.2010, 21:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdooprogramm BDS/Papras.PK Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.09.2010, 23:09
| #11 |
| | Backdooprogramm BDS/Papras.PK Hier die Combofix-Log: Code:
ATTFilter ComboFix 10-09-09.03 - Pe 09.09.2010 23:52:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1289 [GMT 2:00]
ausgeführt von:: c:\users\Pe\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-09 bis 2010-09-09 ))))))))))))))))))))))))))))))
.
2010-09-09 20:07 . 2010-09-09 21:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-09 20:01 . 2010-09-09 20:01 -------- d-----w- C:\_OTL
2010-09-02 12:44 . 2010-09-02 20:22 -------- d-----w- c:\program files\Kazaa Lite
2010-09-02 12:40 . 2010-09-02 20:22 -------- d-----w- c:\program files\K-Lite
2010-08-30 18:59 . 2010-08-30 18:59 -------- d-----w- c:\users\Pe\AppData\Roaming\EB-Edit
2010-08-30 18:59 . 2010-08-30 18:59 -------- d-----w- c:\program files\EB-Edit
2010-08-18 20:09 . 2010-08-18 20:09 -------- d-----w- c:\program files\Cyanide
2010-08-15 17:23 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-15 17:23 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-15 17:23 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-15 17:22 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-15 17:22 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 17:22 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 17:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 17:21 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 17:21 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-15 17:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 17:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 17:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 21:44 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-09 21:39 . 2008-09-18 18:37 12884 ----a-w- c:\users\Pe\AppData\Roaming\nvModes.dat
2010-09-09 20:01 . 2010-03-15 13:11 -------- d-----w- c:\users\Pe\AppData\Roaming\QipGuard
2010-09-09 20:01 . 2008-09-18 19:15 -------- d-----w- c:\program files\ICQ6Toolbar
2010-09-08 23:13 . 2008-10-01 13:12 -------- d-----w- c:\users\Pe\AppData\Roaming\foobar2000
2010-09-08 16:47 . 2010-03-03 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 23:42 . 2010-04-15 19:20 -------- d-----w- c:\users\Pe\AppData\Roaming\uTorrent
2010-09-01 23:29 . 2010-04-06 23:09 -------- d-----w- c:\users\Pe\AppData\Roaming\vlc
2010-09-01 13:16 . 2007-04-18 09:14 623280 ----a-w- c:\windows\system32\perfh007.dat
2010-09-01 13:16 . 2007-04-18 09:14 125184 ----a-w- c:\windows\system32\perfc007.dat
2010-08-24 17:23 . 2009-12-09 16:20 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 17:14 . 2008-09-17 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 00:19 . 2009-07-16 17:59 -------- d-----w- c:\program files\ICQ6.5
2010-08-04 20:22 . 2010-08-04 18:24 -------- d-----w- c:\users\Pe\AppData\Roaming\Apple Computer
2010-08-04 20:12 . 2009-08-14 16:19 -------- d-----w- c:\programdata\Apple
2010-08-04 18:23 . 2010-08-04 18:21 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-04 18:21 . 2008-11-08 16:51 -------- d-----w- c:\programdata\Apple Computer
2010-08-04 18:19 . 2008-11-08 16:51 -------- d-----w- c:\program files\QuickTime
2010-08-04 18:14 . 2010-08-04 18:14 -------- d-----w- c:\program files\Apple Software Update
2010-08-04 18:09 . 2010-08-04 18:09 -------- d-----w- c:\program files\Bonjour
2010-07-19 13:20 . 2009-08-14 17:02 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-19 13:20 . 2009-08-14 16:56 -------- d-----w- c:\program files\Microsoft.NET
2010-06-18 21:52 . 2010-06-18 21:52 55 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2010-06-18 21:52 . 2010-06-18 21:52 683801 ----a-w- c:\programdata\Last.fm\Client\UninstFoo3\unins000.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-19 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MultiFrame.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MultiFrame.lnk
backup=c:\windows\pss\MultiFrame.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-09-17 15:48 37232 ----a-w- c:\windows\ASScrProlog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-09-17 15:48 33136 ----a-w- c:\windows\ASScrPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-01-15 22:17 778240 ----a-w- c:\program files\PowerForPhone\PowerForPhone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2009-12-05 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2009-12-05 21600]
R3 cpuz129;cpuz129;c:\users\Pe\AppData\Local\Temp\cpuz_x32.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-30 639224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-09-09 c:\windows\Tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-22 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {1A7B0A68-3283-400A-93DC-157BF0A1D8D3} = 212.7.160.2 212.7.160.9
FF - ProfilePath - c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Pe\AppData\Roaming\Mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com\plugins\npDocX.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-BCD3000 - c:\windows\system32\bcd3kcpan.exe
MSConfigStartUp-BitTorrent DNA - c:\users\Pe\Program Files\DNA\btdna.exe
AddRemove-QipGuard - c:\users\Pe\AppData\Roaming\QipGuard\QipGuard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-10 00:02
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2696516153-3433871498-291650200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}*]
@Allowed: (Read) (RestrictedCode)
"iaaicmdpbihpnfphdl"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
67,63,6e,61,00,00
"hakhiohogdmlekin"=hex:6b,61,6d,6b,65,6e,65,63,65,6d,64,6d,6d,67,6e,65,6e,6b,
67,63,6e,61,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-09-10 00:05:39
ComboFix-quarantined-files.txt 2010-09-09 22:05
Vor Suchlauf: 651.399.168 Bytes frei
Nach Suchlauf: 577.892.352 Bytes frei
- - End Of File - - 693D779044FDCBD903C2321ABC36ECBF
|
|
10.09.2010, 09:45
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdooprogramm BDS/Papras.PK Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.09.2010, 16:05
| #13 |
| | Backdooprogramm BDS/Papras.PK GMER: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-10 17:04:10
Windows 6.0.6002 Service Pack 2
Running: 36lrbx63.exe; Driver: C:\Users\Pe\AppData\Local\Temp\pgldapoc.sys
---- System - GMER 1.0.15 ----
SSDT 9CF334BC ZwCreateThread
SSDT 9CF334A8 ZwOpenProcess
SSDT 9CF334AD ZwOpenThread
SSDT 9CF334B7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 826E5984 4 Bytes [BC, 34, F3, 9C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 826E5B54 4 Bytes [A8, 34, F3, 9C]
.text ntkrnlpa.exe!KeSetEvent + 40D 826E5B70 4 Bytes [AD, 34, F3, 9C] {LODSD ; XOR AL, 0xf3; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 621 826E5D84 4 Bytes [B7, 34, F3, 9C]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CC0B340, 0x2946A7, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfc12d2b7
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfc12d2b7 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}@iaaicmdpbihpnfphdl 0x6B 0x61 0x6D 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCAE79F3-9C3E-09EB-8598-8EAEA8C93EEA}@hakhiohogdmlekin 0x6B 0x61 0x6D 0x6B ...
---- EOF - GMER 1.0.15 ----
|
|
10.09.2010, 16:12
| #14 |
| | Backdooprogramm BDS/Papras.PK OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:11:39 on 10.09.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.5.12 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "applet.cpl" - "jeak.de" - C:\Windows\system32\applet.cpl "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Behringer BCD3000 V1.1.2.0" (BCD3000) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCD3000.SYS "Behringer BCD3000WDM V1.1.2.0" (BCD3000WDM) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCD3000WDM.SYS "catchme" (catchme) - ? - C:\Users\Pe\AppData\Local\Temp\catchme.sys (File not found) "cpuz129" (cpuz129) - ? - C:\Users\Pe\AppData\Local\Temp\cpuz_x32.sys (File not found) "ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "ipswuio" (ipswuio) - ? - C:\Windows\System32\DRIVERS\ipswuio.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pgldapoc" (pgldapoc) - ? - C:\Users\Pe\AppData\Local\Temp\pgldapoc.sys (Hidden registry entry, rootkit activity | File not found) "Rainbow USB SuperPro" (Sntnlusb) - "Rainbow Technologies Inc." - C:\Windows\System32\DRIVERS\SNTNLUSB.SYS "Sentinel" (Sentinel) - "Rainbow Technologies, Inc." - C:\Windows\System32\Drivers\SENTINEL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "WCPU" (WCPU) - "Windows (R) Codename Longhorn DDK provider" - C:\Program Files\P4G\WCPU.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {3A1A93A8-B021-4483-8485-1CBBD3AADD35} "Infotip.DDBFileHandler" - ? - C:\Program Files\BAE\bae\baeinfo.dll (File found, but it contains no detailed information) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Pe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ATKMEDIA" - "ASUSTeK Computer INC." - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
10.09.2010, 16:18
| #15 |
| | Backdooprogramm BDS/Papras.PK Bootkit Remover: Erst mal kommt eine Fehlermeldung beim Öffnen: "ATA_PASS_TROUGH_DIRECT is not supported by your disk controller. SCSI_PASS_TROUGH_DIRECT will be use for disk I/O." dann Ausgabe: Bootkit Remover (c) 2009 eSage Lab esage lab - main Program version: 1.2.0.0 OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6 002), 32-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`b5900000 ATA_Read(): DeviceIoControl() ERROR 1 Boot sector MD5 is: ce1f92f8dc2583dab8e491967abacde8 Size Device Name MBR Status -------------------------------------------- 111 GB \\.\PhysicalDrive0 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
|
| Themen zu Backdooprogramm BDS/Papras.PK |
| 32-bit, autorun, avgntflt.sys, avira, avira guard, bho, bonjour, cdburnerxp, components, corp./icp, desktop, error, excel, excel.exe, firefox, firefox.exe, flash player, fontcache, helper, hijack.exefile, home, home premium, install.exe, installation, local\temp, location, logfile, mozilla, nvlddmkm.sys, nvstor.sys, object, oldtimer, otl logfile, otl.exe, plug-in, popup, problem, programdata, realtek, registry, saver, sched.exe, searchplugins, security, shell32.dll, software, sptd.sys, studio, svchost.exe, symantec, torrent.exe, trojan.agent.u, vista, visual studio, vlc media player |
Textbox.
.
Linear-Darstellung
