12.09.2010, 13:35 | #1

BDS/Papras.PR - is my PC free of it?

Like many others, I caught a Papras. A few days ago Antivir reported it for the first time: a virus or unwanted program 'BDS/Papras.PR' [backdoor] was found in the file 'C:\Users\Florian\AppData\Local\Temp\cmdlPING.dll'. The day before yesterday my laptop would no longer boot. After the Windows 7 logo there was a black screen with a mouse pointer that could still be moved, but nothing else happened. Then sometimes a bluescreen appeared and it restarted with the message "Non-system Disk or disk error". According to the HP diagnostic tool the hard disk was broken. According to Windows' own diagnostics it was not, and yesterday I was able to get the machine back with Startup Repair, or rather System Restore. Hence my first question: can all of this be explained by a virus, or by Papras?

Then, once it was running again, I of course immediately ran a full AntiVir scan; Papras was found and marked for deletion after restart. I also ran Malwarebytes over it. It found several things as well. After the restart AntiVir no longer found Papras, and in Explorer it was no longer visible at the location where it had been before. So far no further alert from the AntiVir Guard has appeared. Malwarebytes did not find it anymore either when I ran it again today, but it found a different worm. Is my system now really free of Papras that easily? How can I find out? Here is the Malwarebytes log. Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4595
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.09.2010 00:45:45
mbam-log-2010-09-12 (00-45-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 336946
Elapsed time: 1 hour(s), 53 minute(s), 49 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 2
Registry data items infected: 0
Folders infected: 0
Files infected: 1

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ciphssvc (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1d61c2a8-5212-d79a-0646-b3cfa1af8c48} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\Users\Florian\AppData\Roaming\Neovxi\xeko.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Code:
OTL logfile created on: 12.09.2010 01:00:45 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 127,47 Gb Free Space | 57,19% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,43 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1021,00 Mb Total Space | 991,69 Mb Free Space | 97,13% Space Free | Partition Type: FAT32
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-NOTEBOOK
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE (GMX GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (ASBroker) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (IFXSpMgtSrv) -- C:\Programme\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
SRV - (PersonalSecureDriveService) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (IFXTCS) -- C:\Programme\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (uigxrdr) -- C:\Windows\System32\drivers\uigxrdr.SYS (GMX GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (eabusb) -- C:\Windows\System32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.orf.at"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.5
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.26 18:32:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.26 18:32:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.03 03:40:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.26 18:32:43 | 000,000,000 | ---D | M]

[2009.12.03 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.12.03 16:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.06 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions
[2009.11.29 01:20:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.15 18:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.15 11:56:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.01 23:04:54 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010.01.11 00:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\firefox@bandoo.com
[2010.02.08 02:08:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0j3ze39p.default\extensions\moveplayer@movenetworks.com
[2010.04.06 10:08:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.10 01:21:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.10 01:21:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.10 01:21:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.09 11:46:54 | 000,000,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearch.xml
[2010.08.10 01:21:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.10 01:21:21 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}] C:\Users\***\AppData\Roaming\Neovxi\xeko.exe File not found
O4 - HKCU..\Run: [GMX_GMX Upload-Manager] C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE (GMX GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\hewlet~1\iam\bin\apshook.dll) - c:\Programme\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SWSETUP\APPINSTL\setup.exe -- File not found O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - 
MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell - "" = AutoRun O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell - "" = AutoRun O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell - "" = AutoRun O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile 
[open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.12 00:48:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.09.11 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.11 22:40:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.11 22:40:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.11 22:40:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.11 22:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.11 22:39:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\mbam146-setup.exe [2010.09.10 01:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2010.09.08 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic [2010.09.08 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Panasonic [2010.09.08 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SD KARTE [2010.09.08 18:53:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panasonic [2010.09.08 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic [2010.09.08 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services [2010.09.08 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Programmdateien [2010.09.07 19:26:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\cerasus.media [2010.09.06 01:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FreePDF_XP [2010.09.04 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Berlin [2010.08.31 12:01:48 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP [2010.08.31 12:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF [2010.08.31 11:52:47 | 
000,000,000 | ---D | C] -- C:\Programme\PDF Blender [2010.08.26 18:31:55 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.26 18:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.08.23 15:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus [2009.10.02 19:56:42 | 000,186,928 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.10.09 04:28:56 | 000,195,112 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.12 01:01:00 | 004,980,736 | -HS- | M] () -- C:\Users\***\ntuser.dat [2010.09.12 00:57:54 | 000,463,676 | ---- | M] () -- C:\Users\***\Desktop\cc_20100912_005718.reg [2010.09.12 00:48:30 | 001,574,526 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.12 00:48:30 | 000,682,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.12 00:48:30 | 000,639,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.12 00:48:30 | 000,142,316 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.12 00:48:30 | 000,116,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.12 00:48:20 | 000,000,969 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.09.12 00:46:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vysgy.sys [2010.09.12 00:33:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.11 22:40:10 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 22:39:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\mbam146-setup.exe [2010.09.11 21:33:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.11 20:56:59 | 000,011,136 | ---- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 20:56:59 | 000,011,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 20:52:14 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.09.11 20:50:27 | 000,155,760 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.11 20:49:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 20:49:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 20:49:45 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TM.blf [2010.09.11 20:49:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.11 20:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.11 20:48:55 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys [2010.09.11 19:30:16 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2010.09.10 02:01:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000002.regtrans-ms [2010.09.10 02:01:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000001.regtrans-ms [2010.09.10 02:01:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TM.blf [2010.09.09 12:38:38 | 061,184,157 | ---- | M] () -- C:\Users\***\Desktop\jensi1.zip.part [2010.09.08 22:41:53 | 001,622,133 | ---- | M] () -- C:\Users\***\Desktop\IMG_5788.JPG [2010.09.08 22:27:17 | 001,623,469 | ---- | M] () -- C:\Users\***\Desktop\IMG_5765.JPG [2010.09.06 23:40:31 | 000,019,968 | ---- | M] () -- 
C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.06 01:09:22 | 000,024,604 | ---- | M] () -- C:\Users\***\Desktop\bestellbestätigung CAM.pdf [2010.09.05 18:07:34 | 047,995,904 | ---- | M] () -- C:\Users\***\video01.mov [2010.09.05 00:30:58 | 001,850,468 | ---- | M] () -- C:\Users\***\Desktop\Gutachten_Gottlieb[2].pdf [2010.08.31 11:59:39 | 016,357,376 | ---- | M] () -- C:\Users\***\gs871w32.exe [2010.08.31 11:52:47 | 000,001,000 | ---- | M] () -- C:\Users\***\Desktop\PDF Blender.lnk [2010.08.26 18:32:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.23 15:32:47 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\MAXQDA 10.lnk [2010.08.16 16:14:37 | 000,060,530 | ---- | M] () -- C:\Users\***\Desktop\Hey Mikhail.pdf [2010.08.16 11:15:27 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$y Mikhail.doc [2010.08.14 12:51:42 | 000,524,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.12 00:57:30 | 000,463,676 | ---- | C] () -- C:\Users\***\Desktop\cc_20100912_005718.reg [2010.09.12 00:48:20 | 000,000,969 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.09.12 00:46:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vysgy.sys [2010.09.11 22:40:10 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 20:49:46 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 20:49:46 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 20:49:45 | 000,065,536 | -HS- | 
C] () -- C:\Users\***\ntuser.dat{35033ae8-bdd5-11df-bd40-00247eb4e609}.TM.blf [2010.09.11 19:30:16 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2010.09.10 02:01:07 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000002.regtrans-ms [2010.09.10 02:01:06 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TMContainer00000000000000000001.regtrans-ms [2010.09.10 02:01:06 | 000,065,536 | -HS- | C] () -- C:\Users\***\ntuser.dat{18aacc13-bc67-11df-b09a-d786f9ae9018}.TM.blf [2010.09.09 01:02:15 | 061,184,157 | ---- | C] () -- C:\Users\***\Desktop\jensi1.zip.part [2010.09.09 00:22:22 | 000,016,896 | -HS- | C] () -- C:\Users\***\Thumbs.db [2010.09.08 22:40:36 | 001,622,133 | ---- | C] () -- C:\Users\***\Desktop\IMG_5788.JPG [2010.09.08 22:26:15 | 001,623,469 | ---- | C] () -- C:\Users\***\Desktop\IMG_5765.JPG [2010.09.06 01:09:22 | 000,024,604 | ---- | C] () -- C:\Users\***\Desktop\bestellbestätigung CAM.pdf [2010.09.05 18:07:14 | 047,995,904 | ---- | C] () -- C:\Users\***\video01.mov [2010.09.05 00:30:58 | 001,850,468 | ---- | C] () -- C:\Users\***\Desktop\Gutachten_Gottlieb[2].pdf [2010.08.31 12:01:50 | 000,119,152 | ---- | C] () -- C:\Windows\System32\redmon.hlp [2010.08.31 12:01:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.08.31 12:01:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010.08.31 11:59:33 | 016,357,376 | ---- | C] () -- C:\Users\***\gs871w32.exe [2010.08.31 11:52:47 | 000,001,000 | ---- | C] () -- C:\Users\***\Desktop\PDF Blender.lnk [2010.08.26 18:32:30 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.23 15:18:50 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\MAXQDA 10.lnk [2010.08.16 16:14:37 | 000,060,530 | ---- | C] () -- C:\Users\***\Desktop\Hey Mikhail.pdf [2010.08.16 11:15:27 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$y Mikhail.doc 
[2010.01.10 19:27:26 | 000,019,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.10 20:23:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.28 02:21:09 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2009.11.28 02:21:09 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2009.11.28 02:21:09 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2009.11.28 02:18:16 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009.11.28 02:18:16 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.11.24 02:44:40 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2009.11.24 02:41:16 | 000,000,033 | ---- | C] () -- C:\Windows\WININIT.INI [2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt [2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt [2009.11.24 02:08:04 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt [2009.11.24 02:07:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.11.24 01:59:04 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 16:30:16 | 000,109,216 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.29 17:10:06 | 000,300,600 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2008.10.09 04:32:46 | 001,810,856 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.10.09 04:31:10 | 000,034,856 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.06.17 13:25:55 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.06.17 13:25:55 | 000,200,704 | 
---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.06.17 13:25:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.06.17 13:25:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.06.17 13:25:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.06.17 13:25:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.06.17 13:06:29 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2006.05.19 18:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll [1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2010.02.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.06.09 01:10:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2010.08.23 17:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2010.01.11 00:26:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bandoo [2010.09.07 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cerasus.media [2010.07.22 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.06.15 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.22 21:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX [2010.06.22 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2009.11.24 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Infineon [2009.11.24 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2010.07.03 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXQDA10 [2010.07.21 23:03:34 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\NCH Swift Sound [2010.09.12 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neovxi [2010.08.27 01:41:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2009.11.27 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Revolver Preferences [2010.07.22 21:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2009.12.03 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2009.11.27 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2010.09.11 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zudu [2009.11.24 02:23:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716} [2010.06.10 23:33:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.09.2010 01:00:45 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\***\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,88 Gb Total Space | 127,47 Gb Free Space | 57,19% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,43 Gb Free Space | 15,92% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1021,00 Mb Total Space | 991,69 Mb Free Space | 97,13% Space Free | Partition Type: FAT32 Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HP-NOTEBOOK Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = 
Windows Live-Uploadtool "{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24843DF0-CDC7-4BDF-B68E-F529DFC00D3E}" = HP ProtectTools Security Manager "{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Wiederbeschaffung bei Diebstahl "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19 "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4534DDFE-E33F-4CA3-89A4-F1E9CA001B5F}" = HP ESU for Microsoft Windows 7 "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools "{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools "{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6D3E1598-2B10-4DE8-A072-4B9B6AC302C4}" = HP User Guides 0097
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{819F6BAD-35DA-4094-BCE6-F57AACE116D1}" = ESU for Microsoft Vista SP1
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8595812B-9104-4196-B629-FD298D819399}" = HP User Guides 0097
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{85FBB6CC-82ED-47BA-9F9D-5F6313D75955}" = Embedded Security for HP ProtectTools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}" = HP 3D DriveGuard
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{BEF99123-C1DC-479B-9445-DE3E026F320E}" = HP JavaCard for HP ProtectTools
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6D9BF7C-2C34-4EC1-8ECC-10AFA15BEA66}" = HP Wallpaper
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FreePDF_XP" = FreePDF (Remove only)
"GMX Upload-Manager" = GMX Upload-Manager
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP QuickLook 2_is1" = HP QuickLook 2
"HyperCam 3" = HyperCam 3
"InstallShield_{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXQDA10" = MAXQDA 10 (R070610)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"Orbit_is1" = Orbit Downloader
"PDF Blender" = PDF Blender
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Scribe" = Express Scribe
"Spotify" = Spotify
"ST5UNST #1" = Backgammon Deluxe
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Edit Magic 4_is1" = Video Edit Magic 4.4
"VideoPad" = VideoPad Video Editor
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
13.09.2010, 12:16 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.PR - is my PC free of it? Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Note: if you masked your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&q="
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}] C:\Users\***\AppData\Roaming\Neovxi\xeko.exe File not found
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SWSETUP\APPINSTL\setup.exe -- File not found
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell - "" = AutoRun
O33 - MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell - "" = AutoRun
O33 - MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell - "" = AutoRun
O33 - MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
[2010.09.12 00:46:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vysgy.sys
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
:Files
C:\Users\***\AppData\Roaming\Neovxi
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open once you click OK after the fix; please post it. The computer may be restarted.
13.09.2010, 22:57 | #3
BDS/Papras.PR - is my PC free of it? Thanks a lot. I did that, here is the log file:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D61C2A8-5212-D79A-0646-B3CFA1AF8C48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01dbaeed-d882-11de-9099-806e6f6e6963}\ not found.
File E:\SWSETUP\APPINSTL\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b196e4f-134d-11df-ac4b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ca9436a-1ed4-11df-abed-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f05-effe-11de-850b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c226f1b-effe-11de-850b-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2dad89b-f13c-11de-b364-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f78-fe9c-11de-abb8-806e6f6e6963}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86f98-fe9c-11de-abb8-00247eb4e609}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f86faa-fe9c-11de-abb8-00247eb4e609}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c032384f-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323852-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0323855-05c6-11df-963b-002655b68f8b}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4fc759d-2c30-11df-abe6-001e6567c30a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea31ee55-23bd-11df-adaa-e303719ab757}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
File C:\Windows\System32\drivers\vysgy.sys not found.
ADS C:\ProgramData\TEMP:9AEE100C deleted successfully.
ADS C:\ProgramData\TEMP:94A19129 deleted successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Neovxi folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 4778698 bytes
->Temporary Internet Files folder emptied: 100814626 bytes
->Java cache emptied: 29139522 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1934976 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153280 bytes
RecycleBin emptied: 223314 bytes
Total Files Cleaned = 131,00 mb
OTL by OldTimer - Version 3.2.12.0 log created on 09132010_235002
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
14.09.2010, 08:51 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.PR - is my PC free of it? Now please run CF: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper has expressly recommended it!
Please always post logfiles in CODE tags