Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BDS/Papras.UW durch AntiVir in clipress.dll gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.11.2010, 08:55   #1
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Hallo,

mein AntiVir meldet regelmäßig (unter anderem beim Start eines neuen Programmes) den Fund von BD/Papras.UW in der Datei C:\Users\Benutzername\App Data\Local\clipress.dll

Alle versuche die Datei in Quarantäne zu schieben haben nicht funktioniert.

Ich habe nach einigem googlen Malwarebytes installiert und laufen lassen. Der hat beim ersten Suchen einen anderen Virus gefunden und entfernt (Malware.Trace in avdrn.dat, siehe unten), beim zweiten Suchlauf war dann alles sauber. An der Datei clipress.dll stört er sich nicht.

Testweise habe ich die Datei selbst mal verschoben (auf den Desktop) um zu sehen was passiert. Die AntiVir-Meldung kommt nun immernoch, mit dem geänderten Pfad (c:\Users\Benutzername\Desktop\clipress.dll)

Habe an anderer Stelle hier im Board schon gelesen, dass es auch ein Fehlalarm von Antivir sein könnte. Aber wie finde ich das raus?

Hier das Log vom ersten Suchlauf:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5044

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.11.2010 22:09:39
mbam-log-2010-11-04 (22-09-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262447
Laufzeit: 1 Stunde(n), 33 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Besitzer\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


Und vom zweiten Suchlauf:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5044

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.11.2010 23:43:00
mbam-log-2010-11-04 (23-43-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262491
Laufzeit: 1 Stunde(n), 21 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 05.11.2010, 17:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 06.11.2010, 11:52   #3
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Hallo,

Danke für die Antwort! Hier die Logs:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.11.2010 10:16:07 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 29,37 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 197,09 Gb Total Space | 173,48 Gb Free Space | 88,02% Space Free | Partition Type: NTFS
 
Computer Name: JONATHAN | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9251B8-E961-4F5A-96AA-D2B9F126FD2C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{108C0BBD-3DDC-46F2-8C2A-6446F761B5C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1303D149-E10C-47CE-9720-F7A91A941A39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{145891A8-E45B-478A-930C-5D9C615EF893}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3505FE7D-4A25-4551-BE85-7956F5462F5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{449AC094-14F8-4972-AF77-B536984E7245}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4CB06D9F-53A1-4CEE-9A27-98198596888F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{506B4BBA-F08A-47BB-ADE0-5D937C9EE670}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{53CBC31B-F307-4F37-906D-13A748E31CBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5471D7DE-39AB-431F-B677-651AC686C0C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{61996DC3-726E-41AD-9711-4FCB04AD912F}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{6D072839-F20A-4C0B-BE12-CA1002B531F0}" = lport=1100 | protocol=6 | dir=in | name=tor | 
"{83093325-D95C-4745-BB71-6DBFAC773A5C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{84170CA2-5882-4A08-AE6C-5709F6603698}" = rport=137 | protocol=17 | dir=out | app=system | 
"{84E08DBA-CFE9-4F79-8936-20CC855C2B48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{96E3C529-3134-40AD-B202-A069DB9F2354}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{AFC7DCA9-F04A-4BD4-B51E-E13D3A96A687}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BEE4E7AD-ED39-4576-A93D-9BB0C43AEFAC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D24EFB16-A9A5-427F-8303-02E7E390F568}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D9AE5C64-3035-4300-9B68-CC6F09620AA8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{DC5DFB7F-FEB5-4BC9-A89E-9E6C0E538606}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF886EAE-0DDF-4241-AC04-BDC9978E1927}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA6E1445-8B9E-41BE-BE63-BBBEE5CBF82A}" = lport=1100 | protocol=17 | dir=in | name=tor udp | 
"{FF73E513-3DB9-4F3C-952C-5872A30CC2E5}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F5ECA54-88FE-4B3B-849F-F54471D61969}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{1BA840F9-D2B6-4FF4-B286-654A9B656CB0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1C9C2D86-B5BD-4C2D-B4EF-F62D7230C00E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1EB3BBD3-8782-483F-84AE-2A382BA8DBD7}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe | 
"{3400A4FB-0E1E-4844-B5D9-372435A4CB15}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{52D8087B-7F7B-4B74-B73B-EE1370B3A037}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{60F79FF3-2991-4D6E-8478-2C0E725021B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{698FFB3A-FAB6-44BF-8353-9EBDEA8F704F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7CD74BC8-B01F-4BC9-93EF-0C34866A8D4B}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{91881304-1D07-4FA6-8078-3A3650CE87AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9F8AACE-3EE8-4D64-B0AF-3ED5E148C1C4}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{B19E6360-1B25-4D34-86A9-5EBA9A8596F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B777F5BC-4661-4A30-A12E-F1B82AEBA2A5}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{BC4FFE35-835D-4BF7-BEB3-671969F79C5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C75178D2-4833-4A44-9496-B03EBCB9E544}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E66F7070-2117-484B-A7D0-7914D338C5A3}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe | 
"TCP Query User{016BF2C6-EA92-4148-B865-F48BF807F333}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{0D863F7C-974C-4496-85F8-55CFC83B9A05}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | 
"TCP Query User{4CCA00AC-96D4-472D-A582-72589A815DA1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{574FBCB0-4F0A-4C01-A738-8A6B31FDF239}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{6FDBB36F-F238-4AC7-98A4-520C66CAA928}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{E229D3B8-31E8-4975-972E-1CBDED0EE5F8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E9F31EC8-0294-4805-A8B0-8F21D580BF08}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{EE7280DF-E6D9-42BE-BFAE-49D355BB20A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{42CF017A-8471-43AF-9711-BCEF6E132AF9}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{571ABE52-9AD7-4186-AD42-6BDB400B7435}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | 
"UDP Query User{7C9E4F21-C342-4AD2-928C-EA3FFDB55337}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{9D03603D-01F9-46C6-9726-F5870158E4E3}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{A2D9C7B8-3CAD-4FBE-AA72-10F4DC1AC305}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{AB8AE4C5-9885-42F1-AAC9-E864058052B8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{E3C0B46E-2514-4F1D-A5AB-C2AA6DD15BBE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F6C86C06-EC87-46E5-AD68-B28C53C5C652}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.26
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arena 2.0.1_is1" = Arena 2.0.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"Core FTP LE 2.1" = Core FTP LE 2.1
"Debut" = Debut Video Capture Software
"dm-Fotowelt" = dm-Fotowelt
"ECDeject" = ECDeject
"ElsterFormular 11.5.0.4546" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.2.5
"FlashGet" = FlashGet 1.9.6.1073
"Football Manager 2008" = Football Manager 2008
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JAP" = JAP
"JDownloader" = JDownloader
"Lexmark X74-X75" = Lexmark X74-X75
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"pdfsam" = pdfsam
"Pixillion" = Pixillion Image Converter
"PROSet" = Intel(R) Network Connections Drivers
"SopCast" = SopCast 3.2.9
"Videoload Manager" = Videoload Manager 2.0.2171
"VLC media player" = VLC media player 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.10.2010 14:00:24 | Computer Name = jonathan | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gimp-2.6.exe, Version 0.0.0.0, Zeitstempel 0x49c4317f,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode
 0xc0000005, Fehleroffset 0x00066796,  Prozess-ID 0x150, Anwendungsstartzeit 01cb7536fe733148.
 
Error - 26.10.2010 15:06:26 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.10.2010 02:54:07 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.10.2010 03:27:59 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.10.2010 15:13:55 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.10.2010 16:46:34 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.10.2010 03:40:03 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2010 06:09:23 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2010 07:46:47 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.11.2010 14:30:30 | Computer Name = jonathan | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.09.2010 14:36:11 | Computer Name = jonathan | Source = DCOM | ID = 10010
Description = 
 
Error - 24.09.2010 02:10:44 | Computer Name = jonathan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.09.2010 um 22:31:20 unerwartet heruntergefahren.
 
Error - 29.09.2010 16:30:22 | Computer Name = jonathan | Source = DCOM | ID = 10010
Description = 
 
Error - 01.10.2010 02:10:49 | Computer Name = jonathan | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
 00215D1D14EE wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 03.10.2010 13:12:58 | Computer Name = jonathan | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00215D1D14EE wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 15.10.2010 07:18:36 | Computer Name = jonathan | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 17.10.2010 15:29:44 | Computer Name = jonathan | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
 00215D1D14EE wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.10.2010 16:18:45 | Computer Name = jonathan | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 04.11.2010 16:29:06 | Computer Name = jonathan | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 04.11.2010 16:29:06 | Computer Name = jonathan | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 
< End of report >
         
--- --- ---

--------------------------------------------------------------------------

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.11.2010 10:16:07 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 29,37 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 197,09 Gb Total Space | 173,48 Gb Free Space | 88,02% Space Free | Partition Type: NTFS
 
Computer Name: JONATHAN | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys File not found
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ECDejectPortIO) -- C:\Programme\ECDeject\ECDejectIo.sys (Dritek System Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.boston.com/bigpicture/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: asf@mangaheart.org:1.0.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.7
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..network.proxy.socks_version: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.12 15:24:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.04 10:49:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.16 11:51:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.04 10:49:44 | 000,000,000 | ---D | M]
 
[2009.05.07 16:12:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2010.11.06 10:00:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions
[2009.11.16 11:36:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.16 13:28:57 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.02.16 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\asf@mangaheart.org
[2010.11.02 21:11:27 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\firefox@tvunetworks.com
[2010.10.03 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\tabscope@xuldev.org
[2010.11.01 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\twitternotifier@naan.net
[2010.06.22 11:14:11 | 000,001,330 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\FireFox\Profiles\vresh7pc.default\searchplugins\wikipedia-en.xml
[2009.12.01 18:38:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.03.12 15:24:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 15:24:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 15:24:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 15:24:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 15:24:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Compecab] C:\Users\Besitzer\AppData\Local\Temp\clipress.DLL File not found
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell - "" = AutoRun
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.06 10:15:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2010.11.04 19:09:46 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2010.11.04 19:08:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.04 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.04 19:08:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.04 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.02 21:24:37 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2010.11.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\TVU Networks
[2010.11.02 21:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010.11.02 21:11:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx

[2010.10.27 08:00:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 08:00:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.27 08:00:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.14 09:18:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 09:18:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 09:18:20 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 09:18:18 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 09:18:17 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 09:18:15 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 09:18:13 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 09:18:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.14 09:18:03 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 09:17:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 09:17:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 09:17:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.14 09:17:58 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[1 C:\Users\Besitzer\Documents\*.tmp files -> C:\Users\Besitzer\Documents\*.tmp -> ]
[1 C:\Users\Besitzer\Desktop\*.tmp files -> C:\Users\Besitzer\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.06 10:20:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{549B8BBE-57D0-471E-BE5B-9CFCEC148D79}.job
[2010.11.06 10:15:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2010.11.06 10:09:41 | 000,007,804 | ---- | M] () -- C:\Users\Besitzer\Desktop\Antrag.pdf
[2010.11.06 10:02:35 | 000,007,256 | ---- | M] () -- C:\Users\Besitzer\Desktop\Download.pdf
[2010.11.06 09:55:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.06 09:55:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.06 09:55:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.06 09:55:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.06 09:49:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.06 09:49:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.06 09:49:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.06 09:49:17 | 3180,208,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.05 09:31:44 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.01 21:46:18 | 000,007,256 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288642600-enm-Download.pdf
[2010.11.01 21:46:11 | 000,260,190 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644021-enm-Download.pdf
[2010.11.01 21:46:04 | 000,024,707 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644050-enm-Antrag.pdf
[2010.10.31 18:58:00 | 000,001,472 | ---- | M] () -- C:\Users\Besitzer\.recently-used.xbel
[2010.10.20 22:26:54 | 000,051,712 | ---- | M] () -- C:\Users\Besitzer\Desktop\clipress.dll
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.15 08:19:00 | 000,304,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.14 10:53:22 | 000,005,681 | ---- | M] () -- C:\Users\Besitzer\Documents\Rechnung 10-05 (Müller Dragan Auslagen).pdf
[1 C:\Users\Besitzer\Documents\*.tmp files -> C:\Users\Besitzer\Documents\*.tmp -> ]
[1 C:\Users\Besitzer\Desktop\*.tmp files -> C:\Users\Besitzer\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 10:09:40 | 000,007,804 | ---- | C] () -- C:\Users\Besitzer\Desktop\Antrag.pdf
[2010.11.06 10:02:34 | 000,007,256 | ---- | C] () -- C:\Users\Besitzer\Desktop\Download.pdf
[2010.11.01 21:46:18 | 000,007,256 | ---- | C] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288642600-enm-Download.pdf
[2010.11.01 21:46:11 | 000,260,190 | ---- | C] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644021-enm-Download.pdf
[2010.11.01 21:46:04 | 000,024,707 | ---- | C] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644050-enm-Antrag.pdf
[2010.10.31 18:58:00 | 000,001,472 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel
[2010.10.20 22:26:54 | 000,051,712 | ---- | C] () -- C:\Users\Besitzer\Desktop\clipress.dll
[2010.10.14 10:53:21 | 000,005,681 | ---- | C] () -- C:\Users\Besitzer\Documents\Rechnung 10-05 (Müller Dragan Auslagen).pdf
[2010.09.04 00:08:03 | 000,000,016 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\hngmfc.dat
[2010.08.14 09:40:05 | 000,000,801 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010.06.09 10:52:36 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\rx_image.Cache
[2010.01.11 16:44:36 | 000,013,906 | ---- | C] () -- C:\Windows\hplj1010.ini
[2009.10.21 10:02:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.29 18:31:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.09 15:47:57 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.06 15:51:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.06 15:51:35 | 000,058,368 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.06 14:07:42 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.07.30 05:34:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll
[2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.10.14 15:39:18 | 000,000,184 | ---- | C] () -- C:\Windows\System32\lxbbcoin.ini
[2001.07.31 11:17:12 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL

< End of report >
         
--- --- ---
__________________

Alt 06.11.2010, 16:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Compecab] C:\Users\Besitzer\AppData\Local\Temp\clipress.DLL File not found
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell - "" = AutoRun
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2010.10.20 22:26:54 | 000,051,712 | ---- | M] () -- C:\Users\Besitzer\Desktop\clipress.dll
[2010.09.04 00:08:03 | 000,000,016 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\hngmfc.dat
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.11.2010, 17:34   #5
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Okay, hat alles geklappt, mit Neustart. Hier das Log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Compecab deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Besitzer\Desktop\clipress.dll moved successfully.
C:\Users\Besitzer\AppData\Roaming\hngmfc.dat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 1654194 bytes
->Temporary Internet Files folder emptied: 193604 bytes
->Java cache emptied: 44377306 bytes
->FireFox cache emptied: 47484342 bytes
->Opera cache emptied: 539475 bytes
->Flash cache emptied: 36340 bytes

User: Cosima

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1987536 bytes
RecycleBin emptied: 2307133127 bytes

Total Files Cleaned = 2.292,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11062010_172850

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Alt 06.11.2010, 17:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> BDS/Papras.UW durch AntiVir in clipress.dll gefunden

Alt 06.11.2010, 18:11   #7
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Hallo,

das war leider kein Erfolg. ComboFix ist mit Bluescreen abgestürzt. Lag es vielleicht an irgendeinem Programm im Hintergrund, das ich vergessen habe zu schließen?

Ein Log gibt es nicht, auch nicht im Root von C

Soll ich's nochmal laufen lassen?

VIELEN DANK FÜR DIE HILFE !!!!!

Alt 06.11.2010, 18:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Ja lass es bitte nochmal laufen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.11.2010, 19:04   #9
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Gleiches Ergebnis.

Muss ich die Windows Firewall auch ausstellen?

Alt 06.11.2010, 19:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Die Windows-Firewall kann eigentlich an bleiben.

Mach mal erst Logs mit GMER und OSAM wenn CF nicht will.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.11.2010, 20:10   #11
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



hier schonmal GMER:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-06 20:06:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 11.01A11
Running: cln13xe3.exe; Driver: C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys


---- System - GMER 1.0.15 ----

SSDT      8C3525C4                                                                                                            ZwCreateThread
SSDT      8C3525B0                                                                                                            ZwOpenProcess
SSDT      8C3525B5                                                                                                            ZwOpenThread
SSDT      8C3525BF                                                                                                            ZwTerminateProcess

INT 0x62  ?                                                                                                                   864CDBF8
INT 0x72  ?                                                                                                                   864CDBF8
INT 0x92  ?                                                                                                                   864CDBF8
INT 0xA2  ?                                                                                                                   854ECBF8
INT 0xA2  ?                                                                                                                   854ECBF8
INT 0xA2  ?                                                                                                                   854ECBF8
INT 0xA2  ?                                                                                                                   864CDBF8
INT 0xA2  ?                                                                                                                   864CDBF8
INT 0xA2  ?                                                                                                                   854EBD10
INT 0xA2  ?                                                                                                                   854EBD10
INT 0xA2  ?                                                                                                                   854EBD10
INT 0xA2  ?                                                                                                                   864CDBF8
INT 0xA2  ?                                                                                                                   854ECBF8
INT 0xB2  ?                                                                                                                   864CDBF8

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!KeSetEvent + 221                                                                                       820B1984 4 Bytes  [C4, 25, 35, 8C]
.text     ntkrnlpa.exe!KeSetEvent + 3F1                                                                                       820B1B54 4 Bytes  [B0, 25, 35, 8C]
.text     ntkrnlpa.exe!KeSetEvent + 40D                                                                                       820B1B70 4 Bytes  [B5, 25, 35, 8C]
.text     ntkrnlpa.exe!KeSetEvent + 621                                                                                       820B1D84 4 Bytes  [BF, 25, 35, 8C]
?         System32\Drivers\spbh.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                               8A54441B 5 Bytes  JMP 864CD1D8 
.text     a0cnn1d2.SYS                                                                                                        8A376000 22 Bytes  [82, 53, 3C, 82, 6C, 52, 3C, ...]
.text     a0cnn1d2.SYS                                                                                                        8A376017 118 Bytes  [00, 32, 07, 7A, 80, 3D, 05, ...]
.text     a0cnn1d2.SYS                                                                                                        8A37608E 16 Bytes  [04, 82, 84, 38, 05, 82, 30, ...]
.text     a0cnn1d2.SYS                                                                                                        8A37609F 45 Bytes  [82, 20, E0, 0A, 82, 64, D6, ...]
.text     a0cnn1d2.SYS                                                                                                        8A3760CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text     ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [806966D6] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80696042] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80696800] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                           [806960C0] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8069613E] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [806A5E9C] \SystemRoot\System32\Drivers\spbh.sys
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortNotification]                                          CC358B04
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortUchar]                                        838A39BF
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortUlong]                                        458B38C6
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    A5A5A514
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         100D8BA5
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5F8A3990
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortUchar]                                         30810889
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortStallExecution]                                        54771129
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetParentBusType]                                      10C25D5E
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortRequestCallback]                                       8B55CC00
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 084D8BEC
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0CF0918B
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortCompleteRequest]                                       458B0000
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortMoveMemory]                                            8B108910
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             000CF491
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                04508900
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  053C7980
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortUshort]                                        560C558B
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  C6127557
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortInitialize]                                            B18D0502
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         00000CF8
IAT       \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     A508788D

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              854F21F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                854EE1F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    864D21F8
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    864E0500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    864D21F8
Device    \Driver\PCI_PNP7957 \Device\00000063                                                                                spbh.sys
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                              854EE1F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    864E0500
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                              854EE1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                        8661F1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         854F01F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  854F01F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  854F01F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  854F01F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                         854F01F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel0                                                                          854F11F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel1                                                                          854F11F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel5                                                                          854F11F8
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                              854EE1F8
Device    \Driver\cdrom \Device\CdRom1                                                                                        8661F1F8
Device    \Driver\BTHUSB \Device\00000081                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                             89DF81F8
Device    \Driver\BTHUSB \Device\00000083                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      89DD2500
Device    \Driver\netbt \Device\NetBT_Tcpip_{0A768961-F322-4E8B-9C44-CC27116F4786}                                            89DF81F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  866101F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{8420A3BA-D7CD-420A-AF1C-D7C06C0DC783}                                            89DF81F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    864D21F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{45858A33-5356-485C-8C6B-C8C60C664690}                                            89DF81F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    864D21F8
Device    \Driver\sptd \Device\1088795970                                                                                     spbh.sys
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    864D21F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    864E0500
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    864D21F8
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    864D21F8
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    864E0500
Device    \Driver\a0cnn1d2 \Device\Scsi\a0cnn1d21Port7Path0Target0Lun0                                                        866191F8
Device    \Driver\a0cnn1d2 \Device\Scsi\a0cnn1d21                                                                             866191F8
Device    \Driver\JMCR \Device\Scsi\JMCR1                                                                                     865A1500
Device    \Driver\JMCR \Device\Scsi\JMCR2                                                                                     865A1500
Device    \Driver\JMCR \Device\Scsi\JMCR3                                                                                     865A1500
Device    \FileSystem\cdfs \Cdfs                                                                                              AF9D21F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fc88b0                                         
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fc88b0@000f865a221c                            0xBA 0x68 0xD7 0xD3 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x89 0xAB 0xDF 0x92 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x9B 0x53 0x5D 0x4B ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x08 0xB2 0xBA 0x03 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001644fc88b0 (not active ControlSet)                     
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001644fc88b0@000f865a221c                                0xBA 0x68 0xD7 0xD3 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x89 0xAB 0xDF 0x92 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x9B 0x53 0x5D 0x4B ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x08 0xB2 0xBA 0x03 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 06.11.2010, 20:16   #12
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Hier OSAM:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:15:33 on 06.11.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a0cnn1d2" (a0cnn1d2) - "Microsoft Corporation" - C:\Windows\system32\drivers\a0cnn1d2.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Besitzer\AppData\Local\Temp\catchme.sys  (File not found)
"ECS ECDeject Port I/O" (ECDejectPortIO) - "Dritek System Inc." - C:\PROGRA~1\ECDeject\ECDejectIO.sys
"fflyypow" (fflyypow) - ? - C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys  (Hidden registry entry, rootkit activity | File not found)
"GpdDevDPort" (GpdDevDPort) - ? - C:\Windows\system32\directport.sys  (File not found)
"GpdKbFilter" (GpdKbFilter) - ? - C:\Windows\system32\kbfiltr.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - c:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - c:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"FlashGet" - "FlashGet.com" - C:\Program Files\FlashGet\FlashGet.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Program Files\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Program Files\FlashGet\getflash.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SODCPreLoad" - ? - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe C:\Users\Besitzer\IBM\Lotus\Symphony\.sodc\  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Network Port" - "Lexmark International, Inc." - C:\Windows\system32\LEXLMPM.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LexBce Server" (LexBceS) - "Lexmark International, Inc." - C:\Windows\System32\LEXBCES.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe  (File found, but it contains no detailed information)
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 06.11.2010, 20:18   #13
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Und Nummer 3:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Si 3655
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 148):
0x82005000 \SystemRoot\system32\ntkrnlpa.exe
0x823BE000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\System32\Drivers\spbh.sys
0x80795000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82607000 \SystemRoot\system32\drivers\acpi.sys
0x8264D000 \SystemRoot\system32\drivers\msisadrv.sys
0x82655000 \SystemRoot\system32\drivers\pci.sys
0x8267C000 \SystemRoot\System32\drivers\partmgr.sys
0x8268B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8268E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82698000 \SystemRoot\system32\drivers\volmgr.sys
0x826A7000 \SystemRoot\System32\drivers\volmgrx.sys
0x826F1000 \SystemRoot\System32\drivers\mountmgr.sys
0x82701000 \SystemRoot\system32\drivers\atapi.sys
0x82709000 \SystemRoot\system32\drivers\ataport.SYS
0x82727000 \SystemRoot\system32\drivers\msahci.sys
0x82731000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8273F000 \SystemRoot\system32\drivers\fltmgr.sys
0x82771000 \SystemRoot\system32\drivers\fileinfo.sys
0x82781000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A204000 \SystemRoot\system32\drivers\ndis.sys
0x8A30F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A33A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A40F000 \SystemRoot\System32\drivers\tcpip.sys
0x8A4F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A60B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A71B000 \SystemRoot\system32\drivers\volsnap.sys
0x8A754000 \SystemRoot\System32\Drivers\spldr.sys
0x8A75C000 \SystemRoot\System32\Drivers\mup.sys
0x8A76B000 \SystemRoot\System32\drivers\ecache.sys
0x8A792000 \SystemRoot\system32\drivers\disk.sys
0x8A7A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A600000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F0DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F17E000 \SystemRoot\System32\drivers\watchdog.sys
0x8F18A000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8F1C4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A514000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A552000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E209000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8E590000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E5A0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E5AE000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8E5C3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E5DD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E5E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E5F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F1DE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A5DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A375000 \SystemRoot\System32\Drivers\a0cnn1d2.SYS
0x8F1E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A3AD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805BC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E200000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8A3DC000 \SystemRoot\system32\drivers\modem.sys
0x8A3E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x827F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F205000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F219000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F22E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8F235000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F245000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F247000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F271000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F27B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F288000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F2BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F600000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F809000 \SystemRoot\system32\drivers\portcls.sys
0x8F836000 \SystemRoot\system32\drivers\drmk.sys
0x8F85B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F864000 \SystemRoot\System32\Drivers\Null.SYS
0x8F86B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F872000 \SystemRoot\System32\drivers\vga.sys
0x8F87E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F89F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F8A7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F8AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F8BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F8C8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F8D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F8E7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F8FB000 \SystemRoot\system32\drivers\afd.sys
0x8F943000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F975000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F98B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F999000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F9AC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F9B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9EE000 \??\C:\PROGRA~1\ECDeject\ECDejectIO.sys
0x8F9F2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F2CE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F2E5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F9FC000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F38E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F39B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F3A6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97EE0000 \SystemRoot\System32\win32k.sys
0x8A7DC000 \SystemRoot\System32\drivers\Dxapi.sys
0xA920C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98100000 \SystemRoot\System32\TSDDD.dll
0x98120000 \SystemRoot\System32\cdd.dll
0xA921B000 \SystemRoot\system32\drivers\luafv.sys
0xA9236000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA924A000 \SystemRoot\system32\drivers\spsys.sys
0xA92FA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA930A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA9334000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA933E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9351000 \SystemRoot\system32\drivers\HTTP.sys
0xA93BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA93DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAD40A000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAD41F000 \SystemRoot\system32\drivers\mrxdav.sys
0xAD440000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD45F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD498000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD4B0000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD4D8000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF003000 \SystemRoot\system32\drivers\peauth.sys
0xAF0E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAF0EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAF0F7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAF10D000 \??\C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys
0xAF124000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xAF131000 \SystemRoot\System32\Drivers\bthport.sys
0xAF1B1000 \SystemRoot\System32\Drivers\USBD.SYS
0xAF1B3000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xAF1DC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xAF1E6000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xAD526000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x77AC0000 \Windows\System32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
596 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\audiodg.exe
1300 C:\Windows\System32\SLsvc.exe
1356 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\LEXBCES.EXE
1760 C:\Windows\System32\LEXPPS.EXE
1804 C:\Windows\System32\spoolsv.exe
1852 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1928 C:\Windows\System32\dwm.exe
1952 C:\Windows\explorer.exe
1976 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\svchost.exe
864 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
708 C:\Windows\System32\svchost.exe
1220 C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2148 C:\Windows\System32\svchost.exe
2268 C:\Windows\System32\IoctlSvc.exe
2284 C:\Windows\System32\svchost.exe
2304 C:\Windows\System32\svchost.exe
2332 C:\Windows\System32\svchost.exe
2364 C:\Windows\System32\svchost.exe
2388 C:\Windows\System32\SearchIndexer.exe
3248 C:\Program Files\Windows Defender\MSASCui.exe
3300 C:\Windows\System32\igfxtray.exe
3308 C:\Windows\System32\hkcmd.exe
3316 C:\Windows\System32\igfxpers.exe
3356 C:\Windows\RtHDVCpl.exe
3364 C:\Windows\System32\igfxsrvc.exe
3412 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3428 C:\Program Files\Windows Sidebar\sidebar.exe
3440 C:\Windows\ehome\ehtray.exe
3548 C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
3592 C:\Windows\ehome\ehmsas.exe
2820 C:\Windows\System32\taskeng.exe
1456 C:\Program Files\Mozilla Firefox\firefox.exe
3068 C:\Windows\System32\svchost.exe
2788 WmiPrvSE.exe
1160 C:\Users\Besitzer\Desktop\mp3\osam_autorun_manager_5_0_portable\osam.exe
2824 taskeng.exe
3976 C:\Windows\System32\notepad.exe
1144 C:\Windows\System32\SearchProtocolHost.exe
3700 C:\Windows\System32\SearchFilterHost.exe
516 C:\Users\Besitzer\Desktop\MBRCheck.exe
2112 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`3fc00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 06.11.2010, 23:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.11.2010, 11:08   #15
jonono
 
BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Standard

BDS/Papras.UW durch AntiVir in clipress.dll gefunden



Nummer 1, zweiter Scan läuft grad.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5064

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.11.2010 08:32:05
mbam-log-2010-11-07 (08-32-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262599
Laufzeit: 8 Stunde(n), 44 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Antwort

Themen zu BDS/Papras.UW durch AntiVir in clipress.dll gefunden
anti-malware, antivir, antivir meldet, appdata, benutzer, besitzer, board, data, datei, dateien, desktop, entfernt, explorer, fehlalarm, fund, google, installiert, log, malwarebytes, neue, neuen, quarantäne, roaming, service, start, version, virus, virus gefunden




Ähnliche Themen: BDS/Papras.UW durch AntiVir in clipress.dll gefunden


  1. HTML/Crypted.Gen durch Avira Antivir Browser Schutz gefunden
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (7)
  2. Durch Systemsuchlauf von Antivir versteckten Treiber gefunden - gefährlich?
    Plagegeister aller Art und deren Bekämpfung - 26.04.2013 (25)
  3. JS/Blacole.KH.3 durch Antivir gefunden, malwarebytes meldet nichts
    Log-Analyse und Auswertung - 11.02.2013 (11)
  4. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  5. TR/Sirefef.P.566; TR/Dldr.Phdet.E.43; TR/ATRAPS.Gen2 durch AntiVir gefunden
    Log-Analyse und Auswertung - 20.07.2012 (3)
  6. Trojaner durch Antivir gefunden, aber nicht entfernbar.
    Plagegeister aller Art und deren Bekämpfung - 02.08.2011 (1)
  7. 4 Trojaner Kazy, Dofoil, Jorik.Spyeyes, Spy.Gen gefunden durch AntiVir
    Log-Analyse und Auswertung - 05.06.2011 (9)
  8. Google leitet auf andere Seiten + 32 diverse Schädlinge durch Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (32)
  9. Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (10)
  10. HiJack-Logfile / papras.jf in AntiVir-Quarantäne
    Log-Analyse und Auswertung - 18.09.2010 (7)
  11. BDS/Papras.pk durch AntiVir in mounkeys.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.09.2010 (13)
  12. Antivir-Meldung: TR/PSW.Papras.AB
    Plagegeister aller Art und deren Bekämpfung - 21.08.2010 (26)
  13. JAVA/Dldr.Agent.D durch Antivir gefunden, in Quarantäne verschoben. Und nun?
    Antiviren-, Firewall- und andere Schutzprogramme - 18.08.2010 (10)
  14. TR/PSW.Papras.AB eingefangen. Einfaches Löschen mit AntiVir genügend?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (5)
  15. Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (1)
  16. C:\WINDOWS\system32\diannsvr.dll von AntiVir als BDS/Papras.HZ erkannt
    Plagegeister aller Art und deren Bekämpfung - 23.06.2010 (3)
  17. TR/Dldr.Agent.agfz durch Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 24.11.2008 (7)

Zum Thema BDS/Papras.UW durch AntiVir in clipress.dll gefunden - Hallo, mein AntiVir meldet regelmäßig (unter anderem beim Start eines neuen Programmes) den Fund von BD/Papras.UW in der Datei C:\Users\Benutzername\App Data\Local\clipress.dll Alle versuche die Datei in Quarantäne zu schieben haben - BDS/Papras.UW durch AntiVir in clipress.dll gefunden...
Archiv
Du betrachtest: BDS/Papras.UW durch AntiVir in clipress.dll gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.