
Pests of all kinds and how to fight them: problem with BDS/Papras.AB


 
21.01.2011, 10:11   #3
ranjid
 
problem with BDS/Papras.AB



Thank you very much for the quick reply:

Here is the result of OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 21.01.2011 10:01:33 - Run 5
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83,79 Gb Total Space | 59,52 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive D: | 9,37 Gb Total Space | 9,17 Gb Free Space | 97,86% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NDES00471101000 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\PMService.exe (TerraNovum)
PRC - C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (hpdj) --  File not found
SRV - (HidServ) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (DWMRCS) -- C:\WINDOWS\System32\DWRCS.exe (DameWare Development LLC)
SRV - (SavRoam) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (EPA_GPO_PMService) Energy Star(TM) -- C:\WINDOWS\system32\PMService.exe (TerraNovum)
SRV - (BBDistHandler) -- C:\maint\sid\DISTH\DISTH.EXE (IBM)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\WINDOWS\system32\nslsvice.exe (IBM Corp)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\naveng.sys (Symantec Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\savrt.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.27 15:40:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 10:21:15 | 000,000,000 | ---D | M]
 
[2010.06.23 17:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Extensions
[2011.01.20 19:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions
[2010.06.24 12:12:08 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.06.24 12:12:06 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\finder@meingutscheincode.de
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\cmo0higa.default\searchplugins\conduit.xml
[2010.06.23 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.27 18:50:31 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.27 18:50:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.27 18:50:31 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.27 18:50:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.27 18:50:31 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.19 10:52:28 | 000,426,903 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	cash advance debt consolidation insurance at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14704 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1DA617DD-BB7B-40ED-8EB6-5919719D2BB2} - C:\MSYS\kpbho.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ACSrun] C:\WINDOWS\System32\usrlogon.bat ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe (Environmental Protection Agency)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft\Office_XP_XL\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.28 14:24:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell - "" = AutoRun
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.20 19:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2011.01.20 19:38:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.20 19:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 19:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.01.20 19:38:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.20 19:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.20 14:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011.01.20 14:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011.01.20 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011.01.20 13:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\MFTools
[2011.01.20 10:43:30 | 000,000,000 | ---D | C] -- C:\TUWINBAU
[2011.01.20 10:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Uniblue
[2011.01.20 10:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\PackageAware
[2011.01.20 09:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011.01.20 09:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011.01.19 10:57:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011.01.18 18:37:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.01.18 18:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.01.18 18:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.01.18 18:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.01.18 17:54:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.01.18 07:26:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2011.01.10 12:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\My Documents\lego
[2011.01.02 05:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\malte
[2010.12.30 16:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\arne
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.21 09:43:03 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.01.21 09:36:02 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.21 09:27:56 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2011.01.20 21:23:27 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.01.20 21:22:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.20 21:22:28 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.20 21:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 20:39:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.01.20 19:38:49 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:53:01 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word XP XL.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:30 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:22:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.01.20 09:22:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.01.20 09:16:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.01.20 09:15:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 12:20:55 | 000,435,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.19 12:20:55 | 000,069,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.19 12:18:04 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.19 11:07:15 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:52:28 | 000,426,903 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.19 10:01:16 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.19 09:34:37 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Paint.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:41:02 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.18 16:28:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.18 07:40:59 | 171,083,144 | ---- | M] () -- C:\Documents and Settings\***\My Documents\DJ_AIO_NonNetwork_DEU_NB.exe
[2011.01.15 07:17:34 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 08:18:28 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word XP XL.lnk
[2011.01.09 16:08:05 | 000,530,264 | ---- | M] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.09 15:06:38 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.01.03 19:00:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:58 | 001,295,148 | ---- | M] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.30 16:38:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\Filzip.ini
[2010.12.30 15:09:30 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Excel XP XL.lnk
[2010.12.27 11:04:54 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.20 19:38:49 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:18:11 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:15:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 11:07:15 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:01:16 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:40:58 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 16:28:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.09 16:08:04 | 000,530,264 | ---- | C] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.07 04:54:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.01.03 19:00:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:57 | 001,295,148 | ---- | C] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.27 15:36:41 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\***\Desktop\internt.lnk
[2010.12.20 13:05:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2010.11.16 10:54:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\VPMAB.INI
[2010.06.29 10:24:37 | 000,000,363 | ---- | C] () -- C:\WINDOWS\axabt.ini
[2010.06.29 10:24:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\axae.ini
[2010.06.29 10:24:35 | 000,006,344 | ---- | C] () -- C:\WINDOWS\alias.ini
[2010.06.29 10:24:29 | 000,000,311 | ---- | C] () -- C:\WINDOWS\VPMS.INI
[2010.06.29 10:24:28 | 000,005,184 | ---- | C] () -- C:\WINDOWS\vfrx.ini
[2010.06.24 14:51:34 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.31 08:59:43 | 000,012,240 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009.12.31 08:57:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2009.12.30 11:45:22 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009.06.21 06:41:02 | 003,195,904 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009.04.05 18:29:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.05 15:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007.11.15 20:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 20:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 20:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2006.10.11 14:48:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2006.10.11 13:43:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2006.09.20 10:06:45 | 000,003,530 | ---- | C] () -- C:\WINDOWS\Kvdkv.ini
[2006.09.20 10:06:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\KuDaBa.ini
[2006.09.19 15:48:18 | 000,048,640 | ---- | C] () -- C:\Program Files\lv1871.exe
[2006.09.19 15:48:18 | 000,000,766 | ---- | C] () -- C:\Program Files\LV1871h.ico
[2006.09.19 13:38:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\BFDEINST.INI
[2006.09.19 13:38:35 | 000,180,660 | ---- | C] () -- C:\WINDOWS\System32\KPXLS16.DLL
[2006.09.19 13:38:34 | 000,304,640 | ---- | C] () -- C:\WINDOWS\System32\KPRPID32.DLL
[2006.09.19 13:38:34 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\Msodeger.dll
[2006.09.19 13:38:34 | 000,157,404 | ---- | C] () -- C:\WINDOWS\System32\KPFILES.DLL
[2006.09.19 13:38:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2006.09.19 13:32:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Regadll.dll
[2006.09.19 08:38:52 | 000,000,019 | ---- | C] () -- C:\WINDOWS\restart.ini
[2006.09.19 08:38:35 | 000,000,252 | ---- | C] () -- C:\WINDOWS\caf.ini
[2006.09.19 08:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BONNDATA.INI
[2006.09.19 08:34:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2006.09.19 08:34:36 | 000,042,520 | ---- | C] () -- C:\WINDOWS\System32\WSQLCALT.DLL
[2006.09.19 08:34:35 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\ASdown.DLL
[2006.08.28 16:14:11 | 000,004,730 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.28 14:58:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nova.ini
[2006.08.28 14:48:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.29 11:47:24 | 000,008,671 | ---- | C] () -- C:\WINDOWS\System32\Dwrcs.ini
[2005.04.27 19:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004.09.27 13:37:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\PMevents.dll
[2001.10.28 16:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1997.05.12 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997.05.12 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.05.12 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1980.01.01 01:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[1980.01.01 01:00:00 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 
========== LOP Check ==========
 
[2009.07.18 14:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009.12.29 14:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009.10.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009.05.29 11:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2009.12.20 10:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009.05.18 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010.10.24 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2009.07.31 09:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009.09.27 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009.09.30 12:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2009.09.30 12:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009.09.30 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_ger
[2009.09.05 13:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009.10.12 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009.07.25 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.09.01 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2006.08.28 15:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISDNWatch
[2010.02.10 13:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009.06.16 09:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2006.08.28 14:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2009.10.04 10:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009.07.05 07:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009.08.31 13:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009.10.03 18:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009.09.21 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009.08.11 09:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2010.05.15 17:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010.04.13 06:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009.06.16 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\World Money
[2009.09.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009.09.26 13:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Aisle 5 Games, Inc
[2010.06.15 08:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Artogon
[2009.11.03 14:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azuaz Games
[2009.07.12 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Big Fish Games
[2009.04.01 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Boolat Games
[2009.06.21 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\BrandX Games
[2009.08.30 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Camel101
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CasualForge
[2009.08.03 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CatmoonGames
[2009.06.16 10:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\DataDesign
[2009.12.29 12:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dekovir
[2009.06.12 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dream Farm Games
[2006.09.19 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ELAXY
[2009.09.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\EleFun Games
[2009.07.04 14:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Enchanted Katya
[2009.05.19 11:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FirstColony
[2009.04.08 12:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FRITZ!
[2009.09.21 12:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gaijin Ent
[2009.09.05 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gamelab
[2009.06.10 12:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\HiT-MM
[2009.10.04 09:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\IronCode
[2009.09.21 13:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\iWin
[2010.06.11 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Janes Realty2
[2010.07.15 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\KIDDINX
[2006.10.11 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Leadertech
[2009.06.16 09:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Little Games Company
[2009.08.22 18:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lost in the City
[2010.11.12 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Luupuw
[2009.08.23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Meridian93
[2006.10.11 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PDFCreator
[2009.09.08 08:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Peace Craft
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PlayFirst
[2009.08.03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ShinyTales
[2009.08.11 09:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Shockwave
[2010.10.15 07:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\TeamViewer
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\UClick
[2011.01.20 10:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Uniblue
[2009.05.29 12:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ViquaSoft
[2010.04.13 06:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone
[2009.05.06 17:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Volkswohl Bund
[2009.05.07 16:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\World-LooM
[2009.06.21 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\YoudaGames
[2010.11.12 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Yvra
[2009.09.21 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006.08.28 15:55:54 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.11.22 04:26:07 | 000,000,000 | ---- | M] () -- C:\data
[2002.12.19 23:00:00 | 000,053,248 | ---- | M] () -- C:\gendel32.exe
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 10:16:05 | 000,010,942 | ---- | M] () -- C:\hpfr5100.log
[2010.12.08 14:20:39 | 001,048,491 | ---- | M] () -- C:\immudebug.log
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.05 21:01:57 | 000,000,486 | ---- | M] () -- C:\LOG4D.log
[2009.04.19 06:24:24 | 000,004,208 | ---- | M] () -- C:\mmisscriptprotokoll.txt
[2009.04.19 06:24:25 | 000,000,002 | ---- | M] () -- C:\mmxmlparserprotokoll.txt
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.16 04:30:18 | 000,000,029 | ---- | M] () -- C:\Nina.cfg
[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.20 21:22:12 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2009.07.20 12:34:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009.09.07 10:42:33 | 000,002,827 | ---- | M] () -- C:\RESET.log
[2008.09.26 15:52:17 | 000,034,294 | ---- | M] () -- C:\setup.log
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
 
< %systemroot%\Fonts\*.dll >
[2005.05.11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
 
< %systemroot%\Fonts\*.ini >
[2006.08.28 14:23:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.03.22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005.05.10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007.03.28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2008.06.24 17:11:31 | 000,783,360 | ---- | M] () -- C:\WINDOWS\KPSAVER.SCR
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009.08.24 11:01:44 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2009.06.21 06:41:04 | 003,195,904 | ---- | M] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2006.08.07 13:29:44 | 000,048,640 | ---- | M] () -- C:\Program Files\lv1871.exe
[2006.04.26 14:28:06 | 000,000,766 | ---- | M] () -- C:\Program Files\LV1871h.ico
[2011.01.21 09:32:16 | 000,007,680 | -HS- | M] () -- C:\Program Files\Thumbs.db
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.08.28 16:11:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.08.28 16:11:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.08.28 16:11:42 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 03:50:15
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41F8101
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0487F955
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD727397
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35C78DCC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037

< End of report >
         