Pests of all kinds and how to fight them: BDS/Papras.RL in C:\Users\Tobi\AppData\Local\Temp\forfkrnl.dll
Hello,

like so many others here, I have also caught BDS/Papras.RL. AntiVir reported: "Meldung: Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Papras.RL"

However, I cannot say exactly what I was doing when it happened. I read in the forum about a connection with Java, which was no longer up to date on my machine. The operating system is Vista.

I ran a Malwarebytes scan, and this is the result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4621

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

16.09.2010 00:42:01
mbam-log-2010-09-16 (00-42-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 333380
Laufzeit: 1 Stunde(n), 35 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

The OTL log showed the following:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.09.2010 01:07:17 - Run 3 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Tobi\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 56,89 Gb Free Space | 18,75% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOBI-PC Current User Name: Tobi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Naevius YouTube Converter\mon.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- 
C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (P1110VID) -- C:\Windows\System32\drivers\P1110Vid.sys (Creative Technology Ltd.) DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://www.schwerte.de/service/freemail/login/" FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 12:09:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\program files\Mozilla Firefox\components [2010.09.12 21:56:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010.09.12 21:56:05 | 000,000,000 | ---D | M] [2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- 
C:\Users\Tobi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.09.15 23:16:19 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions [2009.11.30 23:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.20 21:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.08.02 19:26:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.18 09:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.15 17:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2007.12.25 10:58:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org [2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2010.03.24 18:23:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.24 18:23:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.03.24 18:23:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.24 18:23:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.24 18:23:08 | 000,001,105 | ---- | M] () -- C:\Program 
Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG) O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation) O4 - HKLM..\Run: [recinfo284] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\mon.exe () O4 - HKCU..\Run: [FilterHost] C:\Users\Tobi\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo 
Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{0d577a45-8714-11de-ab4c-0019214c00db}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{63421511-b25d-11dc-af49-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{63421511-b25d-11dc-af49-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{f149029b-0a2c-11de-8a87-0019214c00db}\Shell\AutoRun\command - "" = G:\menu.exe -- File not found O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\menu.exe -- File not found O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.15 13:02:22 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.15 13:02:18 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.15 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Sunbelt Software [2010.09.15 12:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF} [2010.09.15 12:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.09.15 
12:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.09.15 00:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.09.14 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira [2010.09.14 23:49:21 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.09.14 23:49:21 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.09.14 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes [2010.09.14 23:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.14 23:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.14 23:35:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.14 23:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.14 23:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.09.12 23:20:22 | 000,000,000 | ---D | C] -- C:\Users\Tobi\dt05_x.img [2010.09.10 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.09.10 18:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2010.09.16 01:07:14 | 003,145,728 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat [2010.09.16 01:05:11 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4543B1A4-40CE-40BF-94A7-825C9CDE50F4}.job [2010.09.16 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.16 00:43:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.16 00:43:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 20:47:00 | 000,001,092 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.15 17:44:13 | 000,099,716 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.15 17:44:12 | 000,099,716 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.15 17:43:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.15 17:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.15 17:43:42 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys [2010.09.15 17:42:29 | 004,769,080 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db [2010.09.15 17:37:48 | 000,011,264 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.15 13:02:18 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.15 12:33:07 | 000,002,623 | ---- | M] () -- C:\Users\Tobi\Desktop\Microsoft Word.lnk [2010.09.15 12:24:36 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.09.14 23:35:16 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 23:21:10 | 000,511,968 | ---- | M] () -- C:\Users\Tobi\Desktop\sdsetup.exe [2010.09.13 14:30:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PESEdit.com 2010 Patch.lnk [2010.09.12 20:01:46 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.12 20:01:46 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.12 20:01:46 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.12 20:01:46 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.12 20:01:46 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.10 18:52:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.10 18:49:53 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.10 17:15:51 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.09.08 14:59:42 | 000,064,288 | ---- | 
M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.08 14:59:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.08.26 14:07:23 | 000,027,136 | ---- | M] () -- C:\Users\Tobi\Documents\Hi Tobi.doc [2010.08.21 10:36:22 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2010.08.18 15:32:39 | 005,260,168 | ---- | M] () -- C:\Users\Tobi\PES2010_EDIT.bin ========== Files Created - No Company Name ========== [2010.09.15 16:01:38 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.09.15 12:24:36 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.09.14 23:35:16 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 23:21:30 | 000,511,968 | ---- | C] () -- C:\Users\Tobi\Desktop\sdsetup.exe [2010.09.10 18:52:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.10 18:49:53 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.26 14:07:23 | 000,027,136 | ---- | C] () -- C:\Users\Tobi\Documents\Hi Tobi.doc [2010.05.03 10:56:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.02.10 12:47:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.24 17:38:45 | 000,099,716 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.11.24 17:38:43 | 000,099,716 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.14 14:01:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.11.02 20:00:17 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2009.11.02 20:00:17 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini [2009.11.02 20:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2009.11.02 19:59:56 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI [2009.11.02 19:59:56 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2009.11.02 19:58:14 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.10.12 
15:39:55 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini [2009.07.04 11:21:05 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL [2009.07.03 22:38:04 | 000,000,289 | ---- | C] () -- C:\Windows\Sierra.ini [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.04.22 13:34:59 | 000,081,888 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\mdbu.bin [2009.04.09 14:54:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.04.09 14:54:31 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.01.14 17:05:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2008.07.10 11:06:39 | 000,000,021 | ---- | C] () -- C:\Windows\PI_SETUP.ini [2008.05.01 17:33:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.03.25 15:57:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.01.18 18:03:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.15 14:17:07 | 000,001,356 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat [2007.12.27 18:07:11 | 000,000,049 | ---- | C] () -- 
C:\Windows\NeroDigital.ini [2007.12.25 14:00:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.25 01:55:03 | 000,011,264 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [1998.03.25 21:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\vbzlib.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Tobi\Desktop\Lieferbar Spot2.avi:TOC.WMV < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 16.09.2010 01:07:17 - Run 3 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Tobi\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 56,89 Gb Free Space | 18,75% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOBI-PC Current User Name: Tobi Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B51886-2D90-492A-A380-EFF2B675E18A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1D7B5527-91C6-46AD-8A40-35CA5108644F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1FD0EF9F-AD9D-4EDA-8A1D-44677DA7F832}" = rport=139 | protocol=6 | dir=out | app=system | "{3F447F3F-C713-4B5B-8917-B5FCAACF0CFB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | 
app=%systemroot%\system32\svchost.exe | "{4A65013F-7B9D-47FE-AA0C-1D0DA8E65110}" = rport=138 | protocol=17 | dir=out | app=system | "{5CBE48A1-0EB9-4739-897B-E3D1943782BA}" = lport=2869 | protocol=6 | dir=in | app=system | "{90ECF0DB-A05D-4008-8530-A4B0C09F7B8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9DB94E8C-7986-412B-B40E-516F4D54087A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A375C673-7532-4555-8DEA-33EEFECDC76D}" = rport=137 | protocol=17 | dir=out | app=system | "{C9514EA4-6002-4D31-8116-36AC6C7D8C63}" = lport=139 | protocol=6 | dir=in | app=system | "{D3186EEE-11FB-4D6F-AAAA-0598AC303192}" = lport=445 | protocol=6 | dir=in | app=system | "{EB3E5C3A-0891-4EE6-8111-434B0BC0FE05}" = rport=445 | protocol=6 | dir=out | app=system | "{F696EA09-67C1-48C0-99F7-69D315380086}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F6EF9FFC-8370-4F1C-A686-6B0F0928663E}" = lport=138 | protocol=17 | dir=in | app=system | "{F7C64B30-B947-4AF2-A965-51BE2A8B30AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FE38DB6D-3EA6-4484-BFEC-8C4CFFAE4577}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BF857E0-0CCB-48DE-8628-E7F4874FBBD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1137BE8A-AA9D-4910-AD2D-DFAD9230C4CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{2426740A-5C68-4238-9EE1-EC35C22AFEF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2BBA20C9-D0AD-413C-85B7-31C8C2327536}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{3B529FB9-B148-45E2-96E9-DE3291870E4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E474F6A-BE9F-444A-95BA-B6E4E1DE246D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3F8E3922-6AF3-4A58-8B1F-A1D918C8918B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{41B66EBF-B48D-49F9-897A-83F2D78EC3BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4FC69DFB-2792-4EA6-BC00-BAD64ACC2BC5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{52C9DD19-7E03-468C-BEDC-FC2B46342F52}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{53E4588F-6594-49C2-B922-39431224ECEF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{6859127E-EF12-4199-A951-9DC5F0E422B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{706CCAF5-0587-4FC5-A5C9-2866BD91523D}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{8E74298E-D2EA-499C-B1C5-49A5E573A7C1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{927DA504-DBC7-47B8-97CD-4C4102C72B54}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{9EDA56A4-1588-48BF-9EB4-412BE0324A89}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{9FD29421-05AC-49F7-931C-2EDD59CD421A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{A5B43B67-88D4-4BE0-A5CD-05A9AAA4BDCE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{B348ED89-4B61-4338-99CD-8FA8D578E3C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B385BFF8-F5E0-43A1-A2C7-27A4B5703EE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BF87DAC1-9218-4B1A-987C-013C55B539DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CDC90420-6DE0-439E-AE96-C8E1247578FE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{D0955710-E8D3-4FBA-9D72-9915CD979600}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{E6F55F72-1F69-47E0-9E0E-AA645F34A103}" = protocol=58 | dir=in | 
name=@firewallapi.dll,-28545 | "{F00C4A4A-DC0B-4AB5-A9A2-3C1366D7366E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "TCP Query User{00742117-E2C3-45F1-9BA3-F9B2FB33406A}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{2423E0A3-9A10-4CC0-9ABE-0BF63EAD6174}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "TCP Query User{329DDDDE-F8CC-4592-8542-45DB5EB63EF6}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{5AB4FF24-2346-4A98-BED3-ED2351D83BED}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=6 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | "TCP Query User{88EC6702-D85A-440D-A8F3-D925AF075910}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{993DC233-DDC7-4016-8A75-0B11CD11DC12}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{9D4CC5BB-AC33-4D13-89DE-4E31A820A960}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{B33F168C-880C-4565-93E5-F37E3AC74841}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | "TCP Query User{D80580DC-1B9E-4E3F-95A8-67A1BE5054EE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{DED71E19-2AFE-48DA-8D50-069ACB0ABFF9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{323BC18E-9FC4-444D-9A74-F6F61FCAB977}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | 
app=c:\program files\sopcast\sopcast.exe | "UDP Query User{487382ED-4180-4400-A683-1D732886E415}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "UDP Query User{53E55322-14EE-4690-A7B2-3392DECD3DBA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{65F3A1DC-F84D-440E-ABF8-0AB688F24475}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | "UDP Query User{99AAEDC5-A971-4567-B0B6-EA70C7003713}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{9FD82C1C-DC7C-43C0-A762-B243C6542A3E}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{AD40402E-00F2-4776-A4BE-56AD35FDFF25}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{C969B16F-9491-4569-96EA-695B6C44F0F9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{E5BFD167-9B3C-4B00-A1E9-F67B9A57F1AC}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=17 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | "UDP Query User{F985F73E-1ABF-4E5B-A8FF-B8F781752B68}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{02DB921F-6DFF-4743-AD3D-6A2F2D0A4794}" = Brother HL-2035 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}" = Game Graphic Studio "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EFF8A42A-0814-4864-92D7-52EFB3048ABD}" = PhotoImpression "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 
Runtime - v9.0.30729.01 "{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio "7-Zip" = 7-Zip 4.65 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "ALDI Nord Foto Service D" = ALDI Nord Foto Service "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "Bundesliga-Patch 2009 v1.70" = Bundesliga-Patch 2009 v1.70 "Creative PC-CAM Center" = Creative PC-CAM Center Lite "Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827) "Creative WebCam Monitor" = Creative WebCam Monitor "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Family Fun RC Racers" = Big Fun Funk-Flitzer "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "Naevius YouTube Converter_is1" = Naevius YouTube Converter 2.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PKR" = PKR "RealPlayer 6.0" = RealPlayer "SopCast" = SopCast 3.2.4 "TomTom HOME" = TomTom HOME 2.7.0.1785 "TOPSIM - Startup! 
Produktion - Businessplan" = TOPSIM - Startup! Produktion - Businessplan "Uninstall_is1" = Uninstall 1.0.0.1 "Video mp3 Extractor_is1" = Video mp3 Extractor "VLC media player" = VideoLAN VLC media player 0.8.6c "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.09.2010 08:54:09 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode 0xc0000005, Fehleroffset 0x00ca8c92, Prozess-ID 0x1394, Anwendungsstartzeit 01cb534163a33f26. Error - 13.09.2010 08:58:41 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007 Description = Error - 13.09.2010 11:28:07 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.09.2010 03:04:10 | Computer Name = Tobi-PC | Source = Google Update | ID = 20 Description = Error - 14.09.2010 03:04:13 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.09.2010 03:04:13 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.09.2010 04:03:45 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007 Description = Error - 14.09.2010 06:06:08 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode 0xc0000005, Fehleroffset 0x00ca8c92, Prozess-ID 0x15cc, Anwendungsstartzeit 01cb53f1d6b7ae5f. 
Error - 14.09.2010 06:30:46 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.09.2010 13:15:01 | Computer Name = Tobi-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 13.09.2010 12:19:14 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 13.09.2010 13:35:25 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 14.09.2010 03:17:45 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 14.09.2010 05:45:59 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 14.09.2010 08:52:36 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 14.09.2010 09:26:13 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 14.09.2010 13:42:17 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 15.09.2010 07:26:59 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 07:30:32 | Computer Name = Tobi-PC | Source = bowser | ID = 8003 Description = Error - 15.09.2010 11:44:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >

How do I proceed now? I would really rather not format my computer because of all the Internet software, router settings, etc. Please help!