BDS/Papras.UW found by AntiVir in clipress.dll
05.11.2010, 08:55 | #1
Hello,

my AntiVir regularly reports (among other things when a new program is started) a detection of BDS/Papras.UW in the file C:\Users\Benutzername\AppData\Local\clipress.dll. All attempts to move the file into quarantine have failed. After some googling I installed Malwarebytes and ran it. On the first scan it found and removed a different piece of malware (Malware.Trace in avdrn.dat, see below); on the second scan everything was clean. It does not object to the file clipress.dll at all. As a test I moved the file myself (to the desktop) to see what would happen. The AntiVir alert still appears, now with the changed path (c:\Users\Benutzername\Desktop\clipress.dll). I have already read elsewhere on this board that it could also be a false positive from AntiVir. But how do I find that out?

Here is the log from the first scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5044
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.11.2010 22:09:39
mbam-log-2010-11-04 (22-09-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262447
Laufzeit: 1 Stunde(n), 33 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Besitzer\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

And from the second scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5044
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.11.2010 23:43:00
mbam-log-2010-11-04 (23-43-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262491
Laufzeit: 1 Stunde(n), 21 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
05.11.2010, 17:16 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop.
06.11.2010, 11:52 | #3
Hello,

Thanks for the reply! Here are the logs:

OTL Logfile:
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\firefox@tvunetworks.com [2010.10.03 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\tabscope@xuldev.org [2010.11.01 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vresh7pc.default\extensions\twitternotifier@naan.net [2010.06.22 11:14:11 | 000,001,330 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\FireFox\Profiles\vresh7pc.default\searchplugins\wikipedia-en.xml [2009.12.01 18:38:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll [2010.03.12 15:24:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 15:24:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 15:24:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 15:24:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 15:24:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: 
[RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Compecab] C:\Users\Besitzer\AppData\Local\Temp\clipress.DLL File not found O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - 
C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell - "" = AutoRun O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell - "" = AutoRun O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell - "" = AutoRun O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell - "" = AutoRun O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell - "" = AutoRun O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
-- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.06 10:15:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2010.11.04 19:09:46 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2010.11.04 19:08:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.04 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.04 19:08:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.04 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.02 21:24:37 | 000,000,000 | ---D | C] -- C:\Programme\SopCast [2010.11.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\TVU Networks [2010.11.02 21:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks [2010.11.02 21:11:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx [2010.10.27 08:00:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 08:00:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.10.27 08:00:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.14 09:18:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 09:18:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.14 09:18:20 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 09:18:18 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 09:18:17 | 
000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 09:18:15 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 09:18:13 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.14 09:18:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.14 09:18:03 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 09:17:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 09:17:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 09:17:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.10.14 09:17:58 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [1 C:\Users\Besitzer\Documents\*.tmp files -> C:\Users\Besitzer\Documents\*.tmp -> ] [1 C:\Users\Besitzer\Desktop\*.tmp files -> C:\Users\Besitzer\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.06 10:20:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{549B8BBE-57D0-471E-BE5B-9CFCEC148D79}.job [2010.11.06 10:15:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2010.11.06 10:09:41 | 000,007,804 | ---- | M] () -- C:\Users\Besitzer\Desktop\Antrag.pdf [2010.11.06 10:02:35 | 000,007,256 | ---- | M] () -- C:\Users\Besitzer\Desktop\Download.pdf [2010.11.06 09:55:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.06 09:55:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.06 09:55:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.06 09:55:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.06 09:49:48 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.06 09:49:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.06 09:49:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.06 09:49:17 | 3180,208,128 | -HS- | M] () -- C:\hiberfil.sys [2010.11.05 09:31:44 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.01 21:46:18 | 000,007,256 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288642600-enm-Download.pdf [2010.11.01 21:46:11 | 000,260,190 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644021-enm-Download.pdf [2010.11.01 21:46:04 | 000,024,707 | ---- | M] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644050-enm-Antrag.pdf [2010.10.31 18:58:00 | 000,001,472 | ---- | M] () -- C:\Users\Besitzer\.recently-used.xbel [2010.10.20 22:26:54 | 000,051,712 | ---- | M] () -- C:\Users\Besitzer\Desktop\clipress.dll [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.15 08:19:00 | 000,304,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.14 10:53:22 | 000,005,681 | ---- | M] () -- C:\Users\Besitzer\Documents\Rechnung 10-05 (Müller Dragan Auslagen).pdf [1 C:\Users\Besitzer\Documents\*.tmp files -> C:\Users\Besitzer\Documents\*.tmp -> ] [1 C:\Users\Besitzer\Desktop\*.tmp files -> C:\Users\Besitzer\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.06 10:09:40 | 000,007,804 | ---- | C] () -- C:\Users\Besitzer\Desktop\Antrag.pdf [2010.11.06 10:02:34 | 000,007,256 | ---- | C] () -- C:\Users\Besitzer\Desktop\Download.pdf [2010.11.01 21:46:18 | 000,007,256 | ---- | C] () -- 
C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288642600-enm-Download.pdf [2010.11.01 21:46:11 | 000,260,190 | ---- | C] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644021-enm-Download.pdf [2010.11.01 21:46:04 | 000,024,707 | ---- | C] () -- C:\Users\Besitzer\Desktop\-snm-0177507461-1287475163-005300001e-0000005235-1288644050-enm-Antrag.pdf [2010.10.31 18:58:00 | 000,001,472 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel [2010.10.20 22:26:54 | 000,051,712 | ---- | C] () -- C:\Users\Besitzer\Desktop\clipress.dll [2010.10.14 10:53:21 | 000,005,681 | ---- | C] () -- C:\Users\Besitzer\Documents\Rechnung 10-05 (Müller Dragan Auslagen).pdf [2010.09.04 00:08:03 | 000,000,016 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\hngmfc.dat [2010.08.14 09:40:05 | 000,000,801 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2010.06.09 10:52:36 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\rx_image.Cache [2010.01.11 16:44:36 | 000,013,906 | ---- | C] () -- C:\Windows\hplj1010.ini [2009.10.21 10:02:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.29 18:31:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.05.09 15:47:57 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.05.06 15:51:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.05.06 15:51:35 | 000,058,368 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.06 14:07:42 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.07.30 05:34:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll [2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | 
---- | C] () -- C:\Windows\System32\pacerprf.ini [2002.10.14 15:39:18 | 000,000,184 | ---- | C] () -- C:\Windows\System32\lxbbcoin.ini [2001.07.31 11:17:12 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL < End of report > |
06.11.2010, 16:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.UW found by AntiVir in clipress.dll

Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). The ":OTL" line must be copied as well!

Code:
:OTL
O4 - HKCU..\Run: [Compecab] C:\Users\Besitzer\AppData\Local\Temp\clipress.DLL File not found
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell - "" = AutoRun
O33 - MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2010.10.20 22:26:54 | 000,051,712 | ---- | M] () -- C:\Users\Besitzer\Desktop\clipress.dll
[2010.09.04 00:08:03 | 000,000,016 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\hngmfc.dat
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted in the process.
__________________ Please always post logfiles in CODE tags |
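The fix above was assembled by hand from the OTL scan: a Run value that launches a DLL out of the user's Temp directory and whose file is already gone, MountPoints2 AutoRun handlers whose command file no longer exists, and two files the helper singled out. As an added example, not part of the thread and not OTL's own code, the Python below applies those same rules to OTL-format lines and prints a fix script in the shape OTL expects. The sample lines are a constructed excerpt modelled on the log above (some paths shortened); the list of suspect file names is an analyst-supplied input, the Temp / DLL / missing-file heuristics are this example's own rules rather than anything OTL enforces, and the `:Commands` block is copied from the fix as posted.

```python
"""Triage OTL scan lines and emit an OTL fix script (added example, not OTL code)."""
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format, modelled on the log posted above
# (one benign Run value, the suspicious one, two MountPoints2 pairs, three files).
# Paths are shortened; this is not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Compecab] C:\Users\Besitzer\AppData\Local\Temp\clipress.DLL File not found
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\preload.exe ()
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
[2010.10.20 22:26:54 | 000,051,712 | ---- | M] () -- C:\Users\Besitzer\Desktop\clipress.dll
[2010.09.04 00:08:03 | 000,000,016 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\hngmfc.dat
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
"""

# Analyst-supplied input (assumption of this example): the file AntiVir alerted on
# plus the file the helper picked out of the "Files Created - No Company Name" section.
SUSPECT_FILES = ("clipress.dll", "hngmfc.dat")

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
MP_SHELL_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell - "" = AutoRun$', re.I)
MP_CMD_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command'
                       r' - "" = (?P<cmd>.*?)(?: -- (?P<status>File not found))?$', re.I)
FILE_RE = re.compile(r'^\[(?P<stamp>[^\]]+)\](?: \((?P<company>.*)\))? -- (?P<path>.+)$')


@dataclass
class Finding:
    kind: str       # "run", "mountpoint" or "file"
    line: str       # the OTL line verbatim, which is what the fix script needs
    reasons: list   # why it was selected


def assess_run_target(rest: str) -> tuple:
    """Apply this example's heuristics to the part of an O4 line after [name]."""
    missing = rest.endswith("File not found")
    target = rest[: -len(" File not found")] if missing else rest
    target = re.sub(r" \([^()]*\)$", "", target).strip()   # drop trailing "(Company)" / "()"
    reasons = []
    if missing:
        reasons.append("target file no longer exists")
    if re.search(r"\\temp\\", target, re.I):
        reasons.append("launched from a Temp directory")
    if target.lower().endswith(".dll"):
        reasons.append("Run value names a DLL, not an executable")
    return target, reasons


def triage(log_text: str, suspect_files=SUSPECT_FILES) -> list:
    """Return the OTL lines worth removing, in log order, each with its reasons."""
    lines = [ln.rstrip() for ln in log_text.strip().splitlines()]
    suspects = {s.lower() for s in suspect_files}

    # Pass 1: MountPoints2 GUIDs whose AutoRun command points at a missing file.
    # Both lines of such a pair (the Shell key and the command) go into the fix.
    dead_autorun = {}
    for ln in lines:
        m = MP_CMD_RE.match(ln)
        if m and m.group("status"):
            dead_autorun[m.group("guid").lower()] = f"AutoRun command {m.group('cmd')} is missing"

    findings = []
    for ln in lines:
        if (m := RUN_RE.match(ln)):
            _, reasons = assess_run_target(m.group("rest"))
            if reasons:
                findings.append(Finding("run", ln, reasons))
        elif (m := MP_SHELL_RE.match(ln) or MP_CMD_RE.match(ln)):
            reason = dead_autorun.get(m.group("guid").lower())
            if reason:
                findings.append(Finding("mountpoint", ln, [reason]))
        elif (m := FILE_RE.match(ln)):
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            if name in suspects:
                findings.append(Finding("file", ln, ["named by the analyst / AV alert"]))
    return findings


def build_fix_script(findings, commands=("[purity]", "[resethosts]", "[emptytemp]")) -> str:
    """Lay the findings out as an OTL Custom Scan/Fixes script."""
    return "\n".join([":OTL", *(f.line for f in findings), ":Commands", *commands])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:10} {'; '.join(f.reasons)}")
    print()
    print(build_fix_script(found))
```

Running it prints the generated script; `triage()` returns the flagged lines together with the reason each was selected, which is the part worth reading before pasting anything into OTL, since a `File not found` Run value is only evidence that something was there, not proof of what it was.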
06.11.2010, 17:34 | #5 |
| BDS/Papras.UW found by AntiVir in clipress.dll

Okay, everything worked, with a restart. Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Compecab deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87633-ef1e-11de-a6b8-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a87661-ef1e-11de-a6b8-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e319-3b18-11de-9b22-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d17e374-3b18-11de-9b22-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81395676-3ca8-11de-b889-00215d1d14ee}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cc789ba-e5fb-11de-889d-001644fc88b0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6bf1c5-3f0a-11de-9269-00030da23311}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c8d-42cb-11de-bc37-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cded0c9e-42cb-11de-bc37-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddedaf20-3fa0-11de-80fc-00215d1d14ee}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Besitzer\Desktop\clipress.dll moved successfully.
C:\Users\Besitzer\AppData\Roaming\hngmfc.dat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 1654194 bytes
->Temporary Internet Files folder emptied: 193604 bytes
->Java cache emptied: 44377306 bytes
->FireFox cache emptied: 47484342 bytes
->Opera cache emptied: 539475 bytes
->Flash cache emptied: 36340 bytes

User: Cosima

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1987536 bytes
RecycleBin emptied: 2307133127 bytes

Total Files Cleaned = 2.292,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11062010_172850

Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
06.11.2010, 17:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.UW found by AntiVir in clipress.dll

Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run when a board helper has explicitly recommended it!
06.11.2010, 18:11 | #7 |
| BDS/Papras.UW found by AntiVir in clipress.dll

Hello, unfortunately that was not a success. ComboFix crashed with a bluescreen. Could it have been some program running in the background that I forgot to close? There is no log, not even in the root of C:. Should I run it again? MANY THANKS FOR THE HELP!!!!! |
06.11.2010, 18:38 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.UW found by AntiVir in clipress.dll

Yes, please run it again.
__________________ Please always post logfiles in CODE tags |
06.11.2010, 19:04 | #9 |
| BDS/Papras.UW found by AntiVir in clipress.dll

Same result. Do I have to turn off the Windows Firewall as well? |
06.11.2010, 19:06 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The Windows Firewall can stay on. If CF won't run, first make logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM, and please skip OSAM's online query. With OSAM, also make sure that you save the log as *.log and not as *.html or the like. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags
06.11.2010, 20:10 | #11 |
| Here is GMER for a start: GMER Logfile: Code:
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-06 20:06:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 11.01A11
Running: cln13xe3.exe; Driver: C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys

---- System - GMER 1.0.15 ----

SSDT 8C3525C4 ZwCreateThread
SSDT 8C3525B0 ZwOpenProcess
SSDT 8C3525B5 ZwOpenThread
SSDT 8C3525BF ZwTerminateProcess

INT 0x62 ? 864CDBF8
INT 0x72 ? 864CDBF8
INT 0x92 ? 864CDBF8
INT 0xA2 ? 854ECBF8
INT 0xA2 ? 854ECBF8
INT 0xA2 ? 854ECBF8
INT 0xA2 ? 864CDBF8
INT 0xA2 ? 864CDBF8
INT 0xA2 ? 854EBD10
INT 0xA2 ? 854EBD10
INT 0xA2 ? 854EBD10
INT 0xA2 ? 864CDBF8
INT 0xA2 ? 854ECBF8
INT 0xB2 ? 864CDBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 820B1984 4 Bytes [C4, 25, 35, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820B1B54 4 Bytes [B0, 25, 35, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 820B1B70 4 Bytes [B5, 25, 35, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 820B1D84 4 Bytes [BF, 25, 35, 8C]
? System32\Drivers\spbh.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8A54441B 5 Bytes JMP 864CD1D8
.text a0cnn1d2.SYS 8A376000 22 Bytes [82, 53, 3C, 82, 6C, 52, 3C, ...]
.text a0cnn1d2.SYS 8A376017 118 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text a0cnn1d2.SYS 8A37608E 16 Bytes [04, 82, 84, 38, 05, 82, 30, ...]
.text a0cnn1d2.SYS 8A37609F 45 Bytes [82, 20, E0, 0A, 82, 64, D6, ...]
.text a0cnn1d2.SYS 8A3760CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806966D6] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80696042] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80696800] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806960C0] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069613E] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A5E9C] \SystemRoot\System32\Drivers\spbh.sys
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortUchar] 838A39BF
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A3990
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a0cnn1d2.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 854F21F8
Device \Driver\volmgr \Device\VolMgrControl 854EE1F8
Device \Driver\usbuhci \Device\USBPDO-0 864D21F8
Device \Driver\usbuhci \Device\USBPDO-1 864D21F8
Device \Driver\usbuhci \Device\USBPDO-2 864D21F8
Device \Driver\usbehci \Device\USBPDO-3 864E0500
Device \Driver\usbuhci \Device\USBPDO-4 864D21F8
Device \Driver\usbuhci \Device\USBPDO-5 864D21F8
Device \Driver\usbuhci \Device\USBPDO-6 864D21F8
Device \Driver\PCI_PNP7957 \Device\00000063 spbh.sys
Device \Driver\volmgr \Device\HarddiskVolume1 854EE1F8
Device \Driver\usbehci \Device\USBPDO-7 864E0500
Device \Driver\volmgr \Device\HarddiskVolume2 854EE1F8
Device \Driver\cdrom \Device\CdRom0 8661F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854F01F8
Device \Driver\atapi \Device\Ide\IdePort0 854F01F8
Device \Driver\atapi \Device\Ide\IdePort1 854F01F8
Device \Driver\atapi \Device\Ide\IdePort2 854F01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854F01F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 854F11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 854F11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 854F11F8
Device \Driver\volmgr \Device\HarddiskVolume3 854EE1F8
Device \Driver\cdrom \Device\CdRom1 8661F1F8
Device \Driver\BTHUSB \Device\00000081 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\netbt \Device\NetBt_Wins_Export 89DF81F8
Device \Driver\BTHUSB \Device\00000083 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\Smb \Device\NetbiosSmb 89DD2500
Device \Driver\netbt \Device\NetBT_Tcpip_{0A768961-F322-4E8B-9C44-CC27116F4786} 89DF81F8
Device \Driver\iScsiPrt \Device\RaidPort0 866101F8
Device \Driver\netbt \Device\NetBT_Tcpip_{8420A3BA-D7CD-420A-AF1C-D7C06C0DC783} 89DF81F8
Device \Driver\usbuhci \Device\USBFDO-0 864D21F8
Device \Driver\netbt \Device\NetBT_Tcpip_{45858A33-5356-485C-8C6B-C8C60C664690} 89DF81F8
Device \Driver\usbuhci \Device\USBFDO-1 864D21F8
Device \Driver\sptd \Device\1088795970 spbh.sys
Device \Driver\usbuhci \Device\USBFDO-2 864D21F8
Device \Driver\usbehci \Device\USBFDO-3 864E0500
Device \Driver\usbuhci \Device\USBFDO-4 864D21F8
Device \Driver\usbuhci \Device\USBFDO-5 864D21F8
Device \Driver\usbuhci \Device\USBFDO-6 864D21F8
Device \Driver\usbehci \Device\USBFDO-7 864E0500
Device \Driver\a0cnn1d2 \Device\Scsi\a0cnn1d21Port7Path0Target0Lun0 866191F8
Device \Driver\a0cnn1d2 \Device\Scsi\a0cnn1d21 866191F8
Device \Driver\JMCR \Device\Scsi\JMCR1 865A1500
Device \Driver\JMCR \Device\Scsi\JMCR2 865A1500
Device \Driver\JMCR \Device\Scsi\JMCR3 865A1500
Device \FileSystem\cdfs \Cdfs AF9D21F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fc88b0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fc88b0@000f865a221c 0xBA 0x68 0xD7 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0xAB 0xDF 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9B 0x53 0x5D 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xB2 0xBA 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001644fc88b0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001644fc88b0@000f865a221c 0xBA 0x68 0xD7 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0xAB 0xDF 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9B 0x53 0x5D 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xB2 0xBA 0x03 ...

---- EOF - GMER 1.0.15 ---- |
06.11.2010, 20:16 | #12 |
| Here is OSAM: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:15:33 on 06.11.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a0cnn1d2" (a0cnn1d2) - "Microsoft Corporation" - C:\Windows\system32\drivers\a0cnn1d2.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\Users\Besitzer\AppData\Local\Temp\catchme.sys (File not found)
"ECS ECDeject Port I/O" (ECDejectPortIO) - "Dritek System Inc." - C:\PROGRA~1\ECDeject\ECDejectIO.sys
"fflyypow" (fflyypow) - ? - C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys (Hidden registry entry, rootkit activity | File not found)
"GpdDevDPort" (GpdDevDPort) - ? - C:\Windows\system32\directport.sys (File not found)
"GpdKbFilter" (GpdKbFilter) - ? - C:\Windows\system32\kbfiltr.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - c:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - c:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"FlashGet" - "FlashGet.com" - C:\Program Files\FlashGet\FlashGet.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Program Files\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Program Files\FlashGet\getflash.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SODCPreLoad" - ? - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe C:\Users\Besitzer\IBM\Lotus\Symphony\.sodc\ (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Network Port" - "Lexmark International, Inc." - C:\Windows\system32\LEXLMPM.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LexBce Server" (LexBceS) - "Lexmark International, Inc." - C:\Windows\System32\LEXBCES.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe (File found, but it contains no detailed information)
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
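Added example, not part of this thread and not OSAM's own code: a way to triage an OSAM log like the one above instead of reading it entry by entry. The script parses OSAM's one-entry-per-line format, scores each entry with a few heuristics (service key hidden from the registry API, unknown vendor on an existing file, load path under a temp or profile directory, random-looking name) and lists the entries worth looking at first. The weights are the editor's own, not OSAM logic; the sample lines are a subset copied from the log posted above.

```python
"""Triage of an OSAM Autorun Manager log (added example; neither OSAM's code
nor from the thread).  OSAM writes one entry per line:

    {CLSID} "Display name" (Key) - "Vendor" - C:\path\file (flag | flag)

CLSID and (Key) are optional, "?" means "no vendor information", and the
trailing parentheses carry status flags such as "File not found".
The scoring weights below are the editor's heuristics, not OSAM's."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r'^(?:(?:\{[^}]*\}|<binary data>)\s+)?'   # optional CLSID or "<binary data>" prefix
    r'"(?P<name>[^"]*)"\s*'                   # display name
    r'(?:\((?P<key>[^()]*)\)\s*)?'            # optional service / driver key
    r'-\s*(?:"(?P<vendor>[^"]*)"|\?)\s*'      # vendor, or "?" when OSAM found none
    r'-\s*(?P<path>.*?)'                      # file path, possibly empty
    r'(?:\s*\((?P<flags>[^()]*)\))?\s*$'      # optional trailing status flags
)
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_DIRS = ("\\users\\", "\\appdata\\", "\\programdata\\")


@dataclass
class Entry:
    name: str
    key: Optional[str]
    vendor: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)


@dataclass
class Finding:
    score: int
    name: str
    path: str
    reasons: List[str]


def parse_osam_line(line: str) -> Optional[Entry]:
    """Entry for an OSAM entry line; None for section headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return Entry(m.group("name"), m.group("key"), m.group("vendor"), m.group("path").strip(), flags)


def score_entry(e: Entry) -> Tuple[int, List[str]]:
    """Heuristic score: higher means look at it sooner.  Not a malware verdict."""
    score, why = 0, []
    flags = " | ".join(e.flags).lower()
    missing = "file not found" in flags
    path = e.path.lower()
    if "hidden registry entry" in flags:
        score += 3; why.append("service key hidden from the registry API (rootkit technique)")
    if "exclusively opened" in flags:
        score += 1; why.append("file locked against reading (self-protecting driver)")
    if "file signed by microsoft" in flags:
        score -= 1; why.append("Microsoft-signed; still confirm the signature with sigcheck")
    if e.vendor is None and not missing:
        score += 2; why.append("no vendor/version information on an existing file")
    if any(d in path for d in TEMP_DIRS):
        score += 2; why.append("loads from a temp directory")
    elif any(d in path for d in USER_DIRS):
        score += 1; why.append("loads from a user-writable profile directory")
    if e.vendor is None and re.fullmatch(r"[a-z0-9]{6,10}", e.name):
        score += 1; why.append("random-looking name")
    if missing:
        why.append("file missing: orphaned entry, usually harmless but worth deleting")
    return score, why


def triage(log_text: str) -> List[Finding]:
    """Parse a whole OSAM log; return scored entries, highest first (log order on ties)."""
    findings = []
    for line in log_text.splitlines():
        e = parse_osam_line(line)
        if e is None:
            continue
        score, why = score_entry(e)
        if score > 0:
            findings.append(Finding(score, e.name, e.path, why))
    return sorted(findings, key=lambda f: -f.score)


# Constructed input: a subset of the lines from the OSAM log posted above.
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a0cnn1d2" (a0cnn1d2) - "Microsoft Corporation" - C:\Windows\system32\drivers\a0cnn1d2.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\Users\Besitzer\AppData\Local\Temp\catchme.sys (File not found)
"fflyypow" (fflyypow) - ? - C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe (File found, but it contains no detailed information)
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.name}: {f.path or '(no file)'}")
        for r in f.reasons:
            print("      -", r)
```

On the sample the top hits are fflyypow and a0cnn1d2, and both are accounted for by what is already in the thread: the GMER log in the previous post names C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys as GMER's own driver, and the randomly named, Microsoft-signed a0cnn1d2 driver sits next to the sptd/DAEMON Tools Lite entries that GMER lists too. catchme.sys and C:\cofi\PEV.cfxxe are consistent with the ComboFix run that crashed two posts earlier. A "hidden registry entry" flag is a reason to look, not a verdict; the helper's "looks OK" two posts later is the same conclusion reached by hand.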
06.11.2010, 20:18 | #13 |
| And number 3:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Si 3655
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 148):
0x82005000 \SystemRoot\system32\ntkrnlpa.exe
0x823BE000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\System32\Drivers\spbh.sys
0x80795000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82607000 \SystemRoot\system32\drivers\acpi.sys
0x8264D000 \SystemRoot\system32\drivers\msisadrv.sys
0x82655000 \SystemRoot\system32\drivers\pci.sys
0x8267C000 \SystemRoot\System32\drivers\partmgr.sys
0x8268B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8268E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82698000 \SystemRoot\system32\drivers\volmgr.sys
0x826A7000 \SystemRoot\System32\drivers\volmgrx.sys
0x826F1000 \SystemRoot\System32\drivers\mountmgr.sys
0x82701000 \SystemRoot\system32\drivers\atapi.sys
0x82709000 \SystemRoot\system32\drivers\ataport.SYS
0x82727000 \SystemRoot\system32\drivers\msahci.sys
0x82731000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8273F000 \SystemRoot\system32\drivers\fltmgr.sys
0x82771000 \SystemRoot\system32\drivers\fileinfo.sys
0x82781000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A204000 \SystemRoot\system32\drivers\ndis.sys
0x8A30F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A33A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A40F000 \SystemRoot\System32\drivers\tcpip.sys
0x8A4F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A60B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A71B000 \SystemRoot\system32\drivers\volsnap.sys
0x8A754000 \SystemRoot\System32\Drivers\spldr.sys
0x8A75C000 \SystemRoot\System32\Drivers\mup.sys
0x8A76B000 \SystemRoot\System32\drivers\ecache.sys
0x8A792000 \SystemRoot\system32\drivers\disk.sys
0x8A7A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A600000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F0DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F17E000 \SystemRoot\System32\drivers\watchdog.sys
0x8F18A000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8F1C4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A514000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A552000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E209000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8E590000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E5A0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E5AE000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8E5C3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E5DD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E5E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E5F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F1DE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A5DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A375000 \SystemRoot\System32\Drivers\a0cnn1d2.SYS
0x8F1E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A3AD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805BC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E200000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8A3DC000 \SystemRoot\system32\drivers\modem.sys
0x8A3E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x827F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F205000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F219000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F22E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8F235000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F245000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F247000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F271000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F27B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F288000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F2BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F600000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F809000 \SystemRoot\system32\drivers\portcls.sys
0x8F836000 \SystemRoot\system32\drivers\drmk.sys
0x8F85B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F864000 \SystemRoot\System32\Drivers\Null.SYS
0x8F86B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F872000 \SystemRoot\System32\drivers\vga.sys
0x8F87E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F89F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F8A7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F8AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F8BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F8C8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F8D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F8E7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F8FB000 \SystemRoot\system32\drivers\afd.sys
0x8F943000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F975000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F98B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F999000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F9AC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F9B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9EE000 \??\C:\PROGRA~1\ECDeject\ECDejectIO.sys
0x8F9F2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F2CE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F2E5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F9FC000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F38E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F39B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F3A6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97EE0000 \SystemRoot\System32\win32k.sys
0x8A7DC000 \SystemRoot\System32\drivers\Dxapi.sys
0xA920C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98100000 \SystemRoot\System32\TSDDD.dll
0x98120000 \SystemRoot\System32\cdd.dll
0xA921B000 \SystemRoot\system32\drivers\luafv.sys
0xA9236000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA924A000 \SystemRoot\system32\drivers\spsys.sys
0xA92FA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA930A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA9334000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA933E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9351000 \SystemRoot\system32\drivers\HTTP.sys
0xA93BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA93DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAD40A000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAD41F000 \SystemRoot\system32\drivers\mrxdav.sys
0xAD440000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD45F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD498000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD4B0000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD4D8000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF003000 \SystemRoot\system32\drivers\peauth.sys
0xAF0E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAF0EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAF0F7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAF10D000 \??\C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys
0xAF124000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xAF131000 \SystemRoot\System32\Drivers\bthport.sys
0xAF1B1000 \SystemRoot\System32\Drivers\USBD.SYS
0xAF1B3000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xAF1DC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xAF1E6000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xAD526000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x77AC0000 \Windows\System32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
596 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\audiodg.exe
1300 C:\Windows\System32\SLsvc.exe
1356 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\LEXBCES.EXE
1760 C:\Windows\System32\LEXPPS.EXE
1804 C:\Windows\System32\spoolsv.exe
1852 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1928 C:\Windows\System32\dwm.exe
1952 C:\Windows\explorer.exe
1976 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\svchost.exe
864 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
708 C:\Windows\System32\svchost.exe
1220 C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2148 C:\Windows\System32\svchost.exe
2268 C:\Windows\System32\IoctlSvc.exe
2284 C:\Windows\System32\svchost.exe
2304 C:\Windows\System32\svchost.exe
2332 C:\Windows\System32\svchost.exe
2364 C:\Windows\System32\svchost.exe
2388 C:\Windows\System32\SearchIndexer.exe
3248 C:\Program Files\Windows Defender\MSASCui.exe
3300 C:\Windows\System32\igfxtray.exe
3308 C:\Windows\System32\hkcmd.exe
3316 C:\Windows\System32\igfxpers.exe
3356 C:\Windows\RtHDVCpl.exe
3364 C:\Windows\System32\igfxsrvc.exe
3412 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3428 C:\Program Files\Windows Sidebar\sidebar.exe
3440 C:\Windows\ehome\ehtray.exe
3548 C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
3592 C:\Windows\ehome\ehmsas.exe
2820 C:\Windows\System32\taskeng.exe
1456 C:\Program Files\Mozilla Firefox\firefox.exe
3068 C:\Windows\System32\svchost.exe
2788 WmiPrvSE.exe
1160 C:\Users\Besitzer\Desktop\mp3\osam_autorun_manager_5_0_portable\osam.exe
2824 taskeng.exe
3976 C:\Windows\System32\notepad.exe
1144 C:\Windows\System32\SearchProtocolHost.exe
3700 C:\Windows\System32\SearchFilterHost.exe
516 C:\Users\Besitzer\Desktop\MBRCheck.exe
2112 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`3fc00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done! |
06.11.2010, 23:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BDS/Papras.UW found by AntiVir in clipress.dll
Looks OK. To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post log files in CODE tags
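Added example, not part of the thread and not something the helper or MBRCheck provides: a small Python script that does the triage the helper above did by eye on the MBRCheck output. It parses the kernel-module list, the process list and the MBR verdict, and flags every module or image loaded from outside the Windows and Program Files trees (user profile, Temp, Desktop) so a reader knows which entries to look up by hand. The sample lines are an excerpt copied from the log posted above (the "Processes" total is adjusted to the excerpt); "flagged" means "check this", not "malicious", which is exactly the question the thread is trying to settle for clipress.dll.

```python
"""Triage an MBRCheck-style log: flag kernel modules and processes loaded from
outside the Windows / Program Files trees and report the MBR verdict.

Added example for the thread, not code from MBRCheck or the forum helper.
"""
import re

# Install locations treated as unremarkable; anything else is flagged for review.
TRUSTED_PREFIXES = (
    "\\systemroot\\",
    "\\windows\\",
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Kernel modules: "0xLOADADDR  \path\to\module.sys"
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(\S.*)$")
# Processes: "PID  C:\path\to\image.exe" (sometimes only the image name is shown)
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*)$")
# MBR verdict: "<size> GB  \\.\PhysicalDriveN  <status text>"
MBR_RE = re.compile(r"^(\d+) GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")


def normalise(path):
    """Lower-case and strip the NT object-manager prefix '\\??\\' so that
    '\\??\\C:\\Program Files\\...' compares equal to 'C:\\Program Files\\...'."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def why_flag(path):
    """Return a reason string if the path lies outside the trusted trees, else None."""
    p = normalise(path)
    if any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES):
        return None
    if "\\users\\" in p or "\\temp\\" in p:
        return "user-writable location"
    return "outside Windows/Program Files"


def triage(log_text):
    """Return flagged drivers, flagged processes, processes listed without a
    path, and the MBR status line(s) found in an MBRCheck-style log."""
    result = {"drivers_flagged": [], "processes_flagged": [],
              "processes_no_path": [], "mbr_status": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Processes ("):
            section = "processes"
            continue
        if line.startswith("\\\\.\\"):      # drive-letter mapping: process list is over
            section = "disks"
            continue
        m = MBR_RE.match(line)
        if m:
            result["mbr_status"].append((m.group(2), m.group(3)))
            continue
        m = DRIVER_RE.match(line)
        if m:
            reason = why_flag(m.group(2))
            if reason:
                result["drivers_flagged"].append((m.group(1), m.group(2), reason))
            continue
        if section == "processes":
            m = PROCESS_RE.match(line)
            if not m:
                continue
            pid, image = int(m.group(1)), m.group(2)
            if ":\\" not in image:
                # No full path in the log: the bare image name cannot be judged here.
                result["processes_no_path"].append((pid, image))
                continue
            reason = why_flag(image)
            if reason:
                result["processes_flagged"].append((pid, image, reason))
    return result


# Excerpt of the MBRCheck output posted in this thread (process total adjusted).
SAMPLE_LOG = r"""
0x8F38E000 \SystemRoot\System32\Drivers\crashdmp.sys
0xA9236000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAF10D000 \??\C:\Users\Besitzer\AppData\Local\Temp\fflyypow.sys
0xAF124000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x77AC0000 \Windows\System32\ntdll.dll
Processes (total 8):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
596 csrss.exe
864 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1160 C:\Users\Besitzer\Desktop\mp3\osam_autorun_manager_5_0_portable\osam.exe
516 C:\Users\Besitzer\Desktop\MBRCheck.exe
2788 WmiPrvSE.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
Done!
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for addr, path, why in report["drivers_flagged"]:
        print(f"driver  {addr} {path}  <- {why}")
    for pid, image, why in report["processes_flagged"]:
        print(f"process {pid:>5} {image}  <- {why}")
    for pid, image in report["processes_no_path"]:
        print(f"process {pid:>5} {image}  <- no path in log, check by hand")
    for dev, status in report["mbr_status"]:
        print(f"MBR     {dev}: {status}")
```

On the excerpt this flags one kernel module (fflyypow.sys in the user's Temp folder), two processes started from the Desktop (osam.exe and MBRCheck.exe, i.e. the tools the poster ran), and lists the processes MBRCheck printed without a path; the same rule applied to the thread's clipress.dll path under AppData\Local puts it in the "review" bucket, which is why the helper asks for further scans rather than calling it a false positive on the spot.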
07.11.2010, 11:08 | #15 |
BDS/Papras.UW found by AntiVir in clipress.dll
Number 1; the second scan is running right now.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5064
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.11.2010 08:32:05
mbam-log-2010-11-07 (08-32-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 262599
Time elapsed: 8 hour(s), 44 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)