
Pests of all kinds and how to combat them: problem with BDS/Papras.AB

20.01.2011, 19:48   #1
ranjid
 



Hello,

I have already read here from several members that they were infected with BDS/Papras.AB. On my machine it is in 2 places. Is that even possible? I got a message from Avira that it is once
C:\Windows\system32\dllhethc.dll and once under C:\System Volume information\_restore{very long combination of digits}\A0315450.dll

How do I get rid of it? Can I get rid of it at all?
I read through the administrators' answers and then downloaded Load.exe and OTL.

Unfortunately Load.exe cannot be started, because the message always appears that no Internet connection is open. But that cannot be. The Internet is just veeery slow :-( I don't know why, but I have checked the proxy settings; that can't be it.

I wanted to ask what I should do now. It would be very nice if someone could help me.

21.01.2011, 01:08   #2
Swisstreasure
/// Malwareteam
 





A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; that makes the evaluation harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Step 2

Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:
  • First disable any CD emulators such as Alcohol, Daemon-Tools or similar, following this guide.
  • all other programs against viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after every scan.
  • Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (it has a random program name).
  • Vista users: right-click and start as administrator.
  • Gmer automatically starts a first scan.
  • If a window with the following warning opens:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Be sure to click "No";
    in that case, use the Save button to save the result so far on the desktop as gmer_first.log.
  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be ticked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
  • When the scan is finished, the line stays empty.
    Click "Save" and save the log file as gmer.log on the desktop.
    "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!

Now post the log file in code tags.





If that doesn't work, download Malwarebytes on another computer onto a USB stick, then copy it to the infected computer and run it according to the instructions.
__________________
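
A first triage pass over an OTL.txt log of the kind Step 1 asks for, added here as an example; it is not part of the original posts and not part of OTL. It assumes the line formats visible in the log posted in this thread, flags "File not found" entries and executable files without a vendor string, and its function names and the sample log are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the OTL.txt line formats that appear in this thread.
# The dllhethc.dll line is made up for illustration; only its path comes from
# the Avira alert quoted in the first post.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HidServ) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O2 - BHO: () - {1DA617DD-BB7B-40ED-8EB6-5919719D2BB2} - C:\MSYS\kpbho.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
[2011.01.20 19:38:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.15 07:17:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\dllhethc.dll
[2011.01.21 09:43:03 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
"""

# File types that can carry code; data files without a vendor are ignored.
EXEC_EXT = (".exe", ".dll", ".sys", ".drv", ".scr", ".com", ".bat")

# "PRC - ...", "SRV - ...", "O2 - ..." style entries.
TAGGED = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|O\d+) - (?P<rest>.*)$")
# "[date time | size | attrs | C or M] (vendor) -- path" file listings.
LISTING = re.compile(
    r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| .{4} \| (?P<kind>[CM])\] "
    r"\((?P<vendor>.*?)\) -- (?P<path>.+)$"
)
# The vendor is the last parenthesised group on a tagged line.
TRAILING_VENDOR = re.compile(r"^(?P<body>.*?)\s*\((?P<vendor>[^()]*)\)\s*$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")
# Assumes %SystemRoot% is <drive>:\WINDOWS, as in the log header in this thread.
SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\", re.IGNORECASE)


class Finding(NamedTuple):
    section: str    # OTL tag, or "created"/"modified" for file listings
    target: str     # file path, or the raw entry for "File not found"
    reasons: tuple  # why the line deserves a closer look


def triage(log_text):
    """Return the log lines worth a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        listing = LISTING.match(line)
        if listing:
            section = "created" if listing["kind"] == "C" else "modified"
            path, vendor = listing["path"], listing["vendor"].strip()
        else:
            tagged = TAGGED.match(line)
            if not tagged:
                continue  # header, separator or a format not handled here
            section, rest = tagged["tag"], tagged["rest"]
            if "File not found" in rest:
                # Registration still present, file gone: orphaned or removed.
                findings.append(Finding(section, rest, ("file-not-found",)))
                continue
            with_vendor = TRAILING_VENDOR.match(rest)
            if not with_vendor:
                continue
            found = WIN_PATH.search(with_vendor["body"])
            if not found:
                continue
            path, vendor = found.group(0), with_vendor["vendor"].strip()

        reasons = []
        if path.lower().endswith(EXEC_EXT) and not vendor:
            reasons.append("no-vendor")
            if SYSTEM32.match(path):
                reasons.append("in-system32")
        if reasons:
            findings.append(Finding(section, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:8} {', '.join(f.reasons):24} {f.target}")
```

A flag is a lead for manual review, not a verdict: many legitimate files carry no vendor string.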


21.01.2011, 10:11   #3
ranjid
 



Many thanks for the quick reply:

Here is the result of OTL.txt:
Code:
OTL logfile created on: 21.01.2011 10:01:33 - Run 5
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83,79 Gb Total Space | 59,52 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive D: | 9,37 Gb Total Space | 9,17 Gb Free Space | 97,86% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NDES00471101000 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\PMService.exe (TerraNovum)
PRC - C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (hpdj) --  File not found
SRV - (HidServ) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (DWMRCS) -- C:\WINDOWS\System32\DWRCS.exe (DameWare Development LLC)
SRV - (SavRoam) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (EPA_GPO_PMService) Energy Star(TM) -- C:\WINDOWS\system32\PMService.exe (TerraNovum)
SRV - (BBDistHandler) -- C:\maint\sid\DISTH\DISTH.EXE (IBM)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\WINDOWS\system32\nslsvice.exe (IBM Corp)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\naveng.sys (Symantec Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\savrt.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.27 15:40:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 10:21:15 | 000,000,000 | ---D | M]
 
[2010.06.23 17:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Extensions
[2011.01.20 19:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions
[2010.06.24 12:12:08 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.06.24 12:12:06 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\finder@meingutscheincode.de
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\cmo0higa.default\searchplugins\conduit.xml
[2010.06.23 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.27 18:50:31 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.27 18:50:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.27 18:50:31 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.27 18:50:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.27 18:50:31 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.19 10:52:28 | 000,426,903 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	cash advance debt consolidation insurance at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14704 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1DA617DD-BB7B-40ED-8EB6-5919719D2BB2} - C:\MSYS\kpbho.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ACSrun] C:\WINDOWS\System32\usrlogon.bat ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe (Environmental Protection Agency)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft\Office_XP_XL\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.28 14:24:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell - "" = AutoRun
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.20 19:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2011.01.20 19:38:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.20 19:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 19:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.01.20 19:38:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.20 19:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.20 14:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011.01.20 14:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011.01.20 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011.01.20 13:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\MFTools
[2011.01.20 10:43:30 | 000,000,000 | ---D | C] -- C:\TUWINBAU
[2011.01.20 10:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Uniblue
[2011.01.20 10:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\PackageAware
[2011.01.20 09:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011.01.20 09:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011.01.19 10:57:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011.01.18 18:37:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.01.18 18:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.01.18 18:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.01.18 18:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.01.18 17:54:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.01.18 07:26:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2011.01.10 12:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\My Documents\lego
[2011.01.02 05:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\malte
[2010.12.30 16:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\arne
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.21 09:43:03 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.01.21 09:36:02 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.21 09:27:56 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2011.01.20 21:23:27 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.01.20 21:22:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.20 21:22:28 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.20 21:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 20:39:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.01.20 19:38:49 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:53:01 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word XP XL.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:30 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:22:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.01.20 09:22:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.01.20 09:16:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.01.20 09:15:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 12:20:55 | 000,435,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.19 12:20:55 | 000,069,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.19 12:18:04 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.19 11:07:15 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:52:28 | 000,426,903 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.19 10:01:16 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.19 09:34:37 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Paint.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:41:02 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.18 16:28:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.18 07:40:59 | 171,083,144 | ---- | M] () -- C:\Documents and Settings\***\My Documents\DJ_AIO_NonNetwork_DEU_NB.exe
[2011.01.15 07:17:34 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 08:18:28 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word XP XL.lnk
[2011.01.09 16:08:05 | 000,530,264 | ---- | M] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.09 15:06:38 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.01.03 19:00:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:58 | 001,295,148 | ---- | M] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.30 16:38:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\Filzip.ini
[2010.12.30 15:09:30 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Excel XP XL.lnk
[2010.12.27 11:04:54 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.20 19:38:49 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:18:11 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:15:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 11:07:15 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:01:16 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:40:58 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 16:28:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.09 16:08:04 | 000,530,264 | ---- | C] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.07 04:54:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.01.03 19:00:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:57 | 001,295,148 | ---- | C] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.27 15:36:41 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\***\Desktop\internt.lnk
[2010.12.20 13:05:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2010.11.16 10:54:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\VPMAB.INI
[2010.06.29 10:24:37 | 000,000,363 | ---- | C] () -- C:\WINDOWS\axabt.ini
[2010.06.29 10:24:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\axae.ini
[2010.06.29 10:24:35 | 000,006,344 | ---- | C] () -- C:\WINDOWS\alias.ini
[2010.06.29 10:24:29 | 000,000,311 | ---- | C] () -- C:\WINDOWS\VPMS.INI
[2010.06.29 10:24:28 | 000,005,184 | ---- | C] () -- C:\WINDOWS\vfrx.ini
[2010.06.24 14:51:34 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.31 08:59:43 | 000,012,240 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009.12.31 08:57:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2009.12.30 11:45:22 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009.06.21 06:41:02 | 003,195,904 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009.04.05 18:29:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.05 15:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007.11.15 20:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 20:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 20:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2006.10.11 14:48:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2006.10.11 13:43:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2006.09.20 10:06:45 | 000,003,530 | ---- | C] () -- C:\WINDOWS\Kvdkv.ini
[2006.09.20 10:06:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\KuDaBa.ini
[2006.09.19 15:48:18 | 000,048,640 | ---- | C] () -- C:\Program Files\lv1871.exe
[2006.09.19 15:48:18 | 000,000,766 | ---- | C] () -- C:\Program Files\LV1871h.ico
[2006.09.19 13:38:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\BFDEINST.INI
[2006.09.19 13:38:35 | 000,180,660 | ---- | C] () -- C:\WINDOWS\System32\KPXLS16.DLL
[2006.09.19 13:38:34 | 000,304,640 | ---- | C] () -- C:\WINDOWS\System32\KPRPID32.DLL
[2006.09.19 13:38:34 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\Msodeger.dll
[2006.09.19 13:38:34 | 000,157,404 | ---- | C] () -- C:\WINDOWS\System32\KPFILES.DLL
[2006.09.19 13:38:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2006.09.19 13:32:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Regadll.dll
[2006.09.19 08:38:52 | 000,000,019 | ---- | C] () -- C:\WINDOWS\restart.ini
[2006.09.19 08:38:35 | 000,000,252 | ---- | C] () -- C:\WINDOWS\caf.ini
[2006.09.19 08:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BONNDATA.INI
[2006.09.19 08:34:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2006.09.19 08:34:36 | 000,042,520 | ---- | C] () -- C:\WINDOWS\System32\WSQLCALT.DLL
[2006.09.19 08:34:35 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\ASdown.DLL
[2006.08.28 16:14:11 | 000,004,730 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.28 14:58:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nova.ini
[2006.08.28 14:48:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.29 11:47:24 | 000,008,671 | ---- | C] () -- C:\WINDOWS\System32\Dwrcs.ini
[2005.04.27 19:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004.09.27 13:37:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\PMevents.dll
[2001.10.28 16:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1997.05.12 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997.05.12 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.05.12 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1980.01.01 01:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[1980.01.01 01:00:00 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 
========== LOP Check ==========
 
[2009.07.18 14:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009.12.29 14:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009.10.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009.05.29 11:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2009.12.20 10:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009.05.18 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010.10.24 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2009.07.31 09:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009.09.27 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009.09.30 12:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2009.09.30 12:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009.09.30 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_ger
[2009.09.05 13:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009.10.12 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009.07.25 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.09.01 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2006.08.28 15:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISDNWatch
[2010.02.10 13:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009.06.16 09:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2006.08.28 14:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2009.10.04 10:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009.07.05 07:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009.08.31 13:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009.10.03 18:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009.09.21 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009.08.11 09:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2010.05.15 17:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010.04.13 06:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009.06.16 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\World Money
[2009.09.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009.09.26 13:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Aisle 5 Games, Inc
[2010.06.15 08:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Artogon
[2009.11.03 14:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azuaz Games
[2009.07.12 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Big Fish Games
[2009.04.01 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Boolat Games
[2009.06.21 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\BrandX Games
[2009.08.30 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Camel101
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CasualForge
[2009.08.03 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CatmoonGames
[2009.06.16 10:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\DataDesign
[2009.12.29 12:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dekovir
[2009.06.12 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dream Farm Games
[2006.09.19 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ELAXY
[2009.09.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\EleFun Games
[2009.07.04 14:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Enchanted Katya
[2009.05.19 11:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FirstColony
[2009.04.08 12:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FRITZ!
[2009.09.21 12:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gaijin Ent
[2009.09.05 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gamelab
[2009.06.10 12:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\HiT-MM
[2009.10.04 09:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\IronCode
[2009.09.21 13:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\iWin
[2010.06.11 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Janes Realty2
[2010.07.15 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\KIDDINX
[2006.10.11 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Leadertech
[2009.06.16 09:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Little Games Company
[2009.08.22 18:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lost in the City
[2010.11.12 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Luupuw
[2009.08.23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Meridian93
[2006.10.11 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PDFCreator
[2009.09.08 08:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Peace Craft
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PlayFirst
[2009.08.03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ShinyTales
[2009.08.11 09:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Shockwave
[2010.10.15 07:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\TeamViewer
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\UClick
[2011.01.20 10:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Uniblue
[2009.05.29 12:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ViquaSoft
[2010.04.13 06:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone
[2009.05.06 17:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Volkswohl Bund
[2009.05.07 16:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\World-LooM
[2009.06.21 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\YoudaGames
[2010.11.12 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Yvra
[2009.09.21 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006.08.28 15:55:54 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.11.22 04:26:07 | 000,000,000 | ---- | M] () -- C:\data
[2002.12.19 23:00:00 | 000,053,248 | ---- | M] () -- C:\gendel32.exe
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 10:16:05 | 000,010,942 | ---- | M] () -- C:\hpfr5100.log
[2010.12.08 14:20:39 | 001,048,491 | ---- | M] () -- C:\immudebug.log
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.05 21:01:57 | 000,000,486 | ---- | M] () -- C:\LOG4D.log
[2009.04.19 06:24:24 | 000,004,208 | ---- | M] () -- C:\mmisscriptprotokoll.txt
[2009.04.19 06:24:25 | 000,000,002 | ---- | M] () -- C:\mmxmlparserprotokoll.txt
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.16 04:30:18 | 000,000,029 | ---- | M] () -- C:\Nina.cfg
[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.20 21:22:12 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2009.07.20 12:34:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009.09.07 10:42:33 | 000,002,827 | ---- | M] () -- C:\RESET.log
[2008.09.26 15:52:17 | 000,034,294 | ---- | M] () -- C:\setup.log
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
 
< %systemroot%\Fonts\*.dll >
[2005.05.11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
 
< %systemroot%\Fonts\*.ini >
[2006.08.28 14:23:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.03.22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005.05.10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007.03.28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2008.06.24 17:11:31 | 000,783,360 | ---- | M] () -- C:\WINDOWS\KPSAVER.SCR
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009.08.24 11:01:44 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2009.06.21 06:41:04 | 003,195,904 | ---- | M] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2006.08.07 13:29:44 | 000,048,640 | ---- | M] () -- C:\Program Files\lv1871.exe
[2006.04.26 14:28:06 | 000,000,766 | ---- | M] () -- C:\Program Files\LV1871h.ico
[2011.01.21 09:32:16 | 000,007,680 | -HS- | M] () -- C:\Program Files\Thumbs.db
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.08.28 16:11:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.08.28 16:11:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.08.28 16:11:42 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 03:50:15
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41F8101
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0487F955
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD727397
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35C78DCC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037

< End of report >
         
--- --- ---

21.01.2011, 10:11   #4
ranjid

Problem with BDS/Papras.AB



Thank you very much for the quick reply:

Here is the result of OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.01.2011 10:01:33 - Run 5
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83,79 Gb Total Space | 59,52 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive D: | 9,37 Gb Total Space | 9,17 Gb Free Space | 97,86% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NDES00471101000 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\PMService.exe (TerraNovum)
PRC - C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (hpdj) --  File not found
SRV - (HidServ) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (DWMRCS) -- C:\WINDOWS\System32\DWRCS.exe (DameWare Development LLC)
SRV - (SavRoam) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (EPA_GPO_PMService) Energy Star(TM) -- C:\WINDOWS\system32\PMService.exe (TerraNovum)
SRV - (BBDistHandler) -- C:\maint\sid\DISTH\DISTH.EXE (IBM)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\WINDOWS\system32\nslsvice.exe (IBM Corp)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101214.001\naveng.sys (Symantec Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec\Symantec_Antivirus_10_DE\savrt.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.27 15:40:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 10:21:15 | 000,000,000 | ---D | M]
 
[2010.06.23 17:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Extensions
[2011.01.20 19:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions
[2010.06.24 12:12:08 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.06.24 12:12:06 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Documents and Settings\***\Application Data\mozilla\Firefox\Profiles\cmo0higa.default\extensions\finder@meingutscheincode.de
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\cmo0higa.default\searchplugins\conduit.xml
[2010.06.23 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.27 18:50:31 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.27 18:50:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.27 18:50:31 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.27 18:50:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.27 18:50:31 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.19 10:52:28 | 000,426,903 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	cash advance debt consolidation insurance at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14704 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1DA617DD-BB7B-40ED-8EB6-5919719D2BB2} - C:\MSYS\kpbho.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ACSrun] C:\WINDOWS\System32\usrlogon.bat ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD_5_1_DE\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe (Environmental Protection Agency)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft\Office_XP_XL\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.28 14:24:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell - "" = AutoRun
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.20 19:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2011.01.20 19:38:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.20 19:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 19:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.01.20 19:38:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.20 19:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.20 14:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011.01.20 14:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011.01.20 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011.01.20 13:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\MFTools
[2011.01.20 10:43:30 | 000,000,000 | ---D | C] -- C:\TUWINBAU
[2011.01.20 10:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Uniblue
[2011.01.20 10:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\PackageAware
[2011.01.20 09:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011.01.20 09:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011.01.19 10:57:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011.01.18 18:37:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.01.18 18:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.01.18 18:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.01.18 18:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.01.18 18:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.01.18 17:54:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.01.18 07:26:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2011.01.10 12:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\My Documents\lego
[2011.01.02 05:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\malte
[2010.12.30 16:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Desktop\arne
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.21 09:43:03 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.01.21 09:36:02 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.21 09:27:56 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2011.01.20 21:23:27 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.01.20 21:22:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.20 21:22:28 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.20 21:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 20:39:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.01.20 19:38:49 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:53:01 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word XP XL.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:30 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:22:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.01.20 09:22:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.01.20 09:16:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.01.20 09:15:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 12:20:55 | 000,435,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.19 12:20:55 | 000,069,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.19 12:18:04 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.19 11:07:15 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:52:28 | 000,426,903 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.19 10:01:16 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.19 09:34:37 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Paint.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:41:02 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.18 16:28:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.18 07:40:59 | 171,083,144 | ---- | M] () -- C:\Documents and Settings\***\My Documents\DJ_AIO_NonNetwork_DEU_NB.exe
[2011.01.15 07:17:34 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 08:18:28 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word XP XL.lnk
[2011.01.09 16:08:05 | 000,530,264 | ---- | M] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.09 15:06:38 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.01.03 19:00:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | M] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:58 | 001,295,148 | ---- | M] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.30 16:38:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\Filzip.ini
[2010.12.30 15:09:30 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Excel XP XL.lnk
[2010.12.27 11:04:54 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.20 19:38:49 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:09:11 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit OTL.exe.lnk
[2011.01.20 14:55:04 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.01.20 14:55:04 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.20 14:17:43 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011.01.20 09:26:29 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Windows Media Player.lnk
[2011.01.20 09:18:11 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.01.20 09:15:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.01.19 11:07:15 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Verknüpfung mit msimn.exe.lnk
[2011.01.19 10:01:16 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\alice2.lnk
[2011.01.18 18:41:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011.01.18 18:40:58 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.01.18 16:28:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Benutzerdokumentation Notes R651.lnk
[2011.01.09 16:08:04 | 000,530,264 | ---- | C] () -- C:\Documents and Settings\***\My Documents\P1070205.jpg
[2011.01.07 04:54:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.01.03 19:00:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Magdalene Kowalski.doc
[2011.01.01 12:36:45 | 000,015,273 | ---- | C] () -- C:\Documents and Settings\***\My Documents\Kalos_Bereifung_EGBE_Juni_2010.pdf
[2010.12.31 10:51:57 | 001,295,148 | ---- | C] () -- C:\Documents and Settings\***\My Documents\anmeldung_kiga.rtf
[2010.12.27 15:36:41 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\***\Desktop\internt.lnk
[2010.12.20 13:05:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2010.11.16 10:54:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\VPMAB.INI
[2010.06.29 10:24:37 | 000,000,363 | ---- | C] () -- C:\WINDOWS\axabt.ini
[2010.06.29 10:24:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\axae.ini
[2010.06.29 10:24:35 | 000,006,344 | ---- | C] () -- C:\WINDOWS\alias.ini
[2010.06.29 10:24:29 | 000,000,311 | ---- | C] () -- C:\WINDOWS\VPMS.INI
[2010.06.29 10:24:28 | 000,005,184 | ---- | C] () -- C:\WINDOWS\vfrx.ini
[2010.06.24 14:51:34 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.31 08:59:43 | 000,012,240 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009.12.31 08:57:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2009.12.30 11:45:22 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009.06.21 06:41:02 | 003,195,904 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009.04.05 18:29:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.05 15:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007.11.15 20:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 20:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 20:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2006.10.11 14:48:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2006.10.11 13:43:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2006.09.20 10:06:45 | 000,003,530 | ---- | C] () -- C:\WINDOWS\Kvdkv.ini
[2006.09.20 10:06:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\KuDaBa.ini
[2006.09.19 15:48:18 | 000,048,640 | ---- | C] () -- C:\Program Files\lv1871.exe
[2006.09.19 15:48:18 | 000,000,766 | ---- | C] () -- C:\Program Files\LV1871h.ico
[2006.09.19 13:38:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\BFDEINST.INI
[2006.09.19 13:38:35 | 000,180,660 | ---- | C] () -- C:\WINDOWS\System32\KPXLS16.DLL
[2006.09.19 13:38:34 | 000,304,640 | ---- | C] () -- C:\WINDOWS\System32\KPRPID32.DLL
[2006.09.19 13:38:34 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\Msodeger.dll
[2006.09.19 13:38:34 | 000,157,404 | ---- | C] () -- C:\WINDOWS\System32\KPFILES.DLL
[2006.09.19 13:38:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2006.09.19 13:32:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Regadll.dll
[2006.09.19 08:38:52 | 000,000,019 | ---- | C] () -- C:\WINDOWS\restart.ini
[2006.09.19 08:38:35 | 000,000,252 | ---- | C] () -- C:\WINDOWS\caf.ini
[2006.09.19 08:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BONNDATA.INI
[2006.09.19 08:34:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2006.09.19 08:34:36 | 000,042,520 | ---- | C] () -- C:\WINDOWS\System32\WSQLCALT.DLL
[2006.09.19 08:34:35 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\ASdown.DLL
[2006.08.28 16:14:11 | 000,004,730 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.28 14:58:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nova.ini
[2006.08.28 14:48:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.29 11:47:24 | 000,008,671 | ---- | C] () -- C:\WINDOWS\System32\Dwrcs.ini
[2005.04.27 19:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004.09.27 13:37:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\PMevents.dll
[2001.10.28 16:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1997.05.12 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997.05.12 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.05.12 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1980.01.01 01:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[1980.01.01 01:00:00 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 
========== LOP Check ==========
 
[2009.07.18 14:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009.12.29 14:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009.10.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009.05.29 11:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2009.12.20 10:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009.05.18 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010.10.24 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2009.07.31 09:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009.09.27 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009.09.30 12:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2009.09.30 12:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009.09.30 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_ger
[2009.09.05 13:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009.10.12 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009.07.25 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.09.01 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2006.08.28 15:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISDNWatch
[2010.02.10 13:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009.06.16 09:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2006.08.28 14:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2009.10.04 10:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009.07.05 07:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009.08.31 13:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009.10.03 18:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009.09.21 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009.08.11 09:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2010.05.15 17:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010.04.13 06:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009.06.16 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\World Money
[2009.09.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009.09.26 13:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Aisle 5 Games, Inc
[2010.06.15 08:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Artogon
[2009.11.03 14:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Azuaz Games
[2009.07.12 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Big Fish Games
[2009.04.01 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Boolat Games
[2009.06.21 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\BrandX Games
[2009.08.30 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Camel101
[2009.10.13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CasualForge
[2009.08.03 16:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\CatmoonGames
[2009.06.16 10:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\DataDesign
[2009.12.29 12:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dekovir
[2009.06.12 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dream Farm Games
[2006.09.19 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ELAXY
[2009.09.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\EleFun Games
[2009.07.04 14:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Enchanted Katya
[2009.05.19 11:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FirstColony
[2009.04.08 12:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FRITZ!
[2009.09.21 12:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gaijin Ent
[2009.09.05 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Gamelab
[2009.06.10 12:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\HiT-MM
[2009.10.04 09:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\IronCode
[2009.09.21 13:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\iWin
[2010.06.11 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Janes Realty2
[2010.07.15 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\KIDDINX
[2006.10.11 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Leadertech
[2009.06.16 09:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lexware
[2009.09.28 08:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Little Games Company
[2009.08.22 18:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Lost in the City
[2010.11.12 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Luupuw
[2009.08.23 15:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Meridian93
[2006.10.11 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PDFCreator
[2009.09.08 08:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Peace Craft
[2009.10.31 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\PlayFirst
[2009.08.03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ShinyTales
[2009.08.11 09:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Shockwave
[2010.10.15 07:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\TeamViewer
[2009.06.28 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\UClick
[2011.01.20 10:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Uniblue
[2009.05.29 12:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ViquaSoft
[2010.04.13 06:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Vodafone
[2009.05.06 17:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Volkswohl Bund
[2009.05.07 16:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\World-LooM
[2009.06.21 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\YoudaGames
[2010.11.12 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Yvra
[2009.09.21 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.01.06 08:08:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006.08.28 15:55:54 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006.08.28 14:24:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.11.22 04:26:07 | 000,000,000 | ---- | M] () -- C:\data
[2002.12.19 23:00:00 | 000,053,248 | ---- | M] () -- C:\gendel32.exe
[2011.01.20 21:22:14 | 1064,755,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 10:16:05 | 000,010,942 | ---- | M] () -- C:\hpfr5100.log
[2010.12.08 14:20:39 | 001,048,491 | ---- | M] () -- C:\immudebug.log
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.05 21:01:57 | 000,000,486 | ---- | M] () -- C:\LOG4D.log
[2009.04.19 06:24:24 | 000,004,208 | ---- | M] () -- C:\mmisscriptprotokoll.txt
[2009.04.19 06:24:25 | 000,000,002 | ---- | M] () -- C:\mmxmlparserprotokoll.txt
[2006.08.28 14:24:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.16 04:30:18 | 000,000,029 | ---- | M] () -- C:\Nina.cfg
[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011.01.18 18:00:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.01.20 21:22:12 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2009.07.20 12:34:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009.09.07 10:42:33 | 000,002,827 | ---- | M] () -- C:\RESET.log
[2008.09.26 15:52:17 | 000,034,294 | ---- | M] () -- C:\setup.log
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
 
< %systemroot%\Fonts\*.dll >
[2005.05.11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
 
< %systemroot%\Fonts\*.ini >
[2006.08.28 14:23:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.03.22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005.05.10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007.03.28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2008.06.24 17:11:31 | 000,783,360 | ---- | M] () -- C:\WINDOWS\KPSAVER.SCR
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009.08.24 11:01:44 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2009.06.21 06:41:04 | 003,195,904 | ---- | M] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2006.08.07 13:29:44 | 000,048,640 | ---- | M] () -- C:\Program Files\lv1871.exe
[2006.04.26 14:28:06 | 000,000,766 | ---- | M] () -- C:\Program Files\LV1871h.ico
[2011.01.21 09:32:16 | 000,007,680 | -HS- | M] () -- C:\Program Files\Thumbs.db
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.08.28 16:11:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.08.28 16:11:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.08.28 16:11:42 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 03:50:15
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41F8101
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0487F955
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD727397
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35C78DCC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037

< End of report >
         
--- --- ---

21.01.2011, 10:31   #5
ranjid

Oops, double post.

Where do I find the extras.txt?


21.01.2011, 10:47   #6
Swisstreasure
/// Malwareteam

How many times have you run OTL on the system?
Quote:
OTL logfile created on: 21.01.2011 10:01:33 - Run 5

Please start OTL.exe.
Under Extra Registry, select Use Safe List and click the Scan button.


Do you know this file:
C:\WINDOWS\System32\usrlogon.bat

21.01.2011, 11:53   #7
ranjid

Quote:
Quote from Swisstreasure
How many times have you run OTL on the system?

5 times, that sounds about right. Is that a problem? Yes, and once more after my post, because I thought I had ticked some checkbox wrongly.

Quote:
Quote from Swisstreasure
Do you know this file:
C:\WINDOWS\System32\usrlogon.bat

I don't know what kind of file that is. Then again, I'm not really a computer expert. I thought it had something to do with different user accounts?

I now have the extra.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.01.2011 11:44:39 - Run 7
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 493,00 Mb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83,79 Gb Total Space | 59,53 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive D: | 9,37 Gb Total Space | 9,17 Gb Free Space | 97,86% Space Free | Partition Type: NTFS
Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NDES00471101000 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\OFFICE~1\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\OFFICE~1\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\MSYS\Snowball.exe" = C:\MSYS\Snowball.exe:*:Disabled:Clientkomponente SB
"C:\Program Files\AXA-BT\COLSERV\jre\bin\javaw.exe" = C:\Program Files\AXA-BT\COLSERV\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AXA-BT\COLSERV\BTFrame.exe" = C:\Program Files\AXA-BT\COLSERV\BTFrame.exe:*:Enabled:BTFrame -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12E0A949-8861-35F8-B7ED-5658788A7BFE}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{298B7460-A43A-3083-B295-75547FC68392}" = Microsoft .NET Framework 3.5 Language Pack - esn
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A871AF4-7699-4226-A3D3-869EE5E64034}" = Dameware Dameware Mini Remote Control 5.0 [5.0.1.5] DE
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3BB7DDB1-23A5-489D-8F96-292FB224BA90}" = AXA Beratungstechnologie
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec Symantec Antivirus 10 [10.0.0.359] DE
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6183CFBD-5298-4329-BC4E-58568A004D35}" = Microsoft Access Runtime 10 [10.0.6626.0] EN
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6845AE3B-EB95-46DE-A190-EAB8D7764C60}" = Lexware Elster
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EA3B25B-9FCF-4C8F-A1A0-7FD4978AAA1C}" = Lotus Notes 6.5.1 de
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Sun Microsystems, Inc. Java 2 Runtime Environment, SE 1.4.2.06 EN
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Microsoft MSXML 4 EN
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{776AC7E8-F6F4-4E4F-98CD-ECCC54948C6A}" = Macromedia Shockwave 10 EN
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7D7C9A8A-F3B4-42A2-9AD2-5B0CA013267C}" = Lexware online banking
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft NET Framework 1.1 ES
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP 10.0.6626.0 XL
"{901E0403-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Catalan User Interface Pack
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface 10 DE
"{901E040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP French User Interface 10 FR
"{901E0410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Italian User Interface 10 IT
"{901E042D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Basque User Interface Pack
"{901E0456-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Galician User Interface Pack
"{901E0C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Spanish User Interface 10 ES
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9311A75A-D83D-37B5-8D49-88E7F5AB2762}" = Microsoft .NET Framework 3.5 Language Pack - ita
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft NET_Framework 1.1 FR
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{ACAB3F35-588C-4F2E-81FF-764839A632D7}" = DDBAC
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3BBA387-B30B-4E0F-9E35-82B15B7DD10E}" = InstallShield ISScript 3 EN
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B516126E-607A-47BD-8B35-335A76328576}" = Quicken Import Export Server 2009
"{BAC47667-0D8E-4B74-8C1B-630D68F7E23E}" = Eagle Star Tarifrechner
"{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}" = Lexware Info Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C3B8F0DF-55EA-4793-8F77-3259211A3C9E}" = CyberLink PowerDVD 5.1 [5.1.057] DE
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5B83F18-6959-4760-9879-709E29E75DAF}" = EZ GPO Power Management Config Tool
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8320AEC-2E97-4C78-81EC-43CF6D248B01}" = Microsoft XML Parser
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DF70AE58-A4D9-43EE-8158-3800CB6EF59D}" = BBFacade
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E5A24EC1-61AF-4AF4-A103-756359FAC92E}" = Quicken 2009 - ServicePack 3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECD9E9A7-EA28-4698-8414-3F306C79ECD7}" = Irfanview Irfan View 3.9 [3.98] DE
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft NET Framework 1.1 IT
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Defraggler" = Defraggler
"Domänenzulassung Bonnfinanz_is1" = Domänenzulassung Bonnfinanz 1.0
"Farm Frenzy - Gone Fishing 1.0.0.0" = Farm Frenzy - Gone Fishing 1.0.0.0
"Filzip 3.0.1.44_is1" = Filzip 3.01
"FRITZ! 2.0" = AVM FRITZ!
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 Language Pack - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 - esn
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 Language Pack - ita" = Microsoft .NET Framework 3.5 - Language Pack (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"ST6UNST #1" = VB6-Runtime und Steuerelemente
"SystemRequirementsLab" = System Requirements Lab
"Viewer97" = Microsoft Word Viewer 97
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2011 15:39:55 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 15:39:59 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 16:22:21 | Computer Name = NDES00471101000 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.01.2011 23:49:30 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 23:49:42 | Computer Name = NDES00471101000 | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 20.01.2011 23:49:50 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 23:49:58 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 23:50:05 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983583,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 23:50:09 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 20.01.2011 23:50:15 | Computer Name = NDES00471101000 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
 P2 1031, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
0.
 
[ System Events ]
Error - 20.01.2011 23:49:50 | Computer Name = NDES00471101000 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 20.01.2011 23:49:56 | Computer Name = NDES00471101000 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server
 2003 and Windows XP x86 (KB982168).
 
Error - 20.01.2011 23:49:57 | Computer Name = NDES00471101000 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 20.01.2011 23:50:04 | Computer Name = NDES00471101000 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and
 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).
 
Error - 20.01.2011 23:50:05 | Computer Name = NDES00471101000 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 20.01.2011 23:50:09 | Computer Name = NDES00471101000 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 20.01.2011 23:50:10 | Computer Name = NDES00471101000 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
 Windows Server 2003 and Windows XP x86 (KB983583).
 
Error - 20.01.2011 23:50:14 | Computer Name = NDES00471101000 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MSIServer"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {000C101C-0000-0000-C000-000000000046}
 
Error - 20.01.2011 23:50:15 | Computer Name = NDES00471101000 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 
SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
 
Error - 20.01.2011 23:50:20 | Computer Name = NDES00471101000 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on 
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).
 
 
< End of report >
         
--- --- ---


Thanks again for your help :-)

Last edited by ranjid (21.01.2011 at 11:55). Reason: I forgot to add something

21.01.2011, 12:09   #8
Swisstreasure
/// Malwareteam

Right-click the bat file, open it with Notepad, and post its contents.

21.01.2011, 15:12   #9
ranjid

1. Here is the GMER log file:

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-21 14:10:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541010G9AT00 rev.MBZOA61A
Running: gmer.exe; Driver: C:\DOCUME~1\***\LOCALS~1\Temp\kxqyrpow.sys


---- System - GMER 1.0.15 ----

SSDT            8650F250                                                                 ZwConnectPort
SSDT            F7D5289E                                                                 ZwCreateKey
SSDT            F7D52894                                                                 ZwCreateThread
SSDT            F7D528A3                                                                 ZwDeleteKey
SSDT            F7D528AD                                                                 ZwDeleteValueKey
SSDT            F7D528CB                                                                 ZwLoadDriver
SSDT            F7D528B2                                                                 ZwLoadKey
SSDT            F7D52880                                                                 ZwOpenProcess
SSDT            F7D52885                                                                 ZwOpenThread
SSDT            F7D528BC                                                                 ZwReplaceKey
SSDT            F7D528B7                                                                 ZwRestoreKey
SSDT            F7D528D0                                                                 ZwSetSystemInformation
SSDT            F7D528A8                                                                 ZwSetValueKey
SSDT            F7D5288F                                                                 ZwTerminateProcess
SSDT            F7D5288A                                                                 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\DRIVERS\gtipci21.sys                                 entry point in "init" section [0xF720CA80]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3272] ntdll.dll!LdrLoadDll  7C9163C3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                   SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                 avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                              avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                 SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Last edited by ranjid (21.01.2011 at 15:19)

21.01.2011, 15:17   #10
ranjid

Quote:
Quote from Swisstreasure
Right-click the bat file, open it with Notepad, and post its contents.
The file contains:

Code:
REM ACSRun file (Application Compatibility Script - launcher)
         

21.01.2011, 16:55   #11
Swisstreasure
/// Malwareteam

Step 1

Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
:OTL
O2 - BHO: () - {1DA617DD-BB7B-40ED-8EB6-5919719D2BB2} - C:\MSYS\kpbho.dll ()
O4 - HKLM..\Run: [ACSrun] C:\WINDOWS\System32\usrlogon.bat ()
O32 - AutoRun File - [2008.07.07 21:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell - "" = AutoRun
O33 - MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 03:27:14 | 000,327,680 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.01.20 09:22:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.01.20 09:22:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.01.20 09:16:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform quick scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

22.01.2011, 12:20   #12
ranjid

Hello,

here is the content of the fixed file:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DA617DD-BB7B-40ED-8EB6-5919719D2BB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DA617DD-BB7B-40ED-8EB6-5919719D2BB2}\ deleted successfully.
C:\MSYS\kpbho.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ACSrun deleted successfully.
C:\WINDOWS\system32\usrlogon.bat moved successfully.
File F:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa85819-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa85819-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa85819-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa85819-46be-11df-a282-404e57434401}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa8581c-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa8581c-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aa8581c-46be-11df-a282-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aa8581c-46be-11df-a282-404e57434401}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ea509f2-1345-11e0-a359-00166f749b57}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ea509f2-1345-11e0-a359-00166f749b57}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea509f2-1345-11e0-a359-00166f749b57}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ea509f2-1345-11e0-a359-00166f749b57}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8795645b-d744-11de-a252-0015c512d44d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8795645b-d744-11de-a252-0015c512d44d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8795645b-d744-11de-a252-0015c512d44d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a770f3e5-58ee-11df-a28d-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a770f3e5-58ee-11df-a28d-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a770f3e5-58ee-11df-a28d-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a770f3e5-58ee-11df-a28d-404e57434401}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\system32\nscompat.tlb moved successfully.
C:\WINDOWS\system32\amcompat.tlb moved successfully.
C:\WINDOWS\WMSysPr9.prx moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 43111200 bytes
->Temporary Internet Files folder emptied: 6520899 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 618688 bytes
 
User: ***
->Temp folder emptied: 74866889 bytes
->Temporary Internet Files folder emptied: 3032736 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 45113944 bytes
->Google Chrome cache emptied: 10491818 bytes
->Flash cache emptied: 3616 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6300177 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 637205 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 43946588 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 553366514 bytes
 
Total Files Cleaned = 752,00 mb
 
 
OTL by OldTimer - Version 3.2.20.2 log created on 01222011_120847

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Last edited by ranjid (22.01.2011 at 12:26)
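
Added example (not part of the original posts and not OTL's own code): a Python script for reading a fix log like the one in the post above. It groups the result lines by target, so that a "not found" for a key that was already reported as "deleted successfully" is counted as a repeat, and it lists separately the targets that were never found. The line patterns are taken from the log in this post; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Shortened excerpt of the fix log posted above (lines copied from the post).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DA617DD-BB7B-40ED-8EB6-5919719D2BB2}\ deleted successfully.
C:\MSYS\kpbho.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ACSrun deleted successfully.
C:\WINDOWS\system32\usrlogon.bat moved successfully.
File F:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\system32\nscompat.tlb moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]
->Temp folder emptied: 74866889 bytes
"""

SUCCESS = ("deleted successfully", "moved successfully")

# Result lines as they appear in the log above: an optional object kind,
# the target, then one of three outcomes. Moved files carry no kind prefix.
LINE_RE = re.compile(
    r"^(?:(Registry key|Registry value|File) )?"
    r"(.+?) (deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Collect the outcomes per target from the '========== OTL ==========' section."""
    entries = OrderedDict()
    in_otl_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section header: only the OTL section holds per-item results.
            in_otl_section = line.strip("= ") == "OTL"
            continue
        if not in_otl_section:
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        kind, target, outcome = match.groups()
        kind = kind or "File"
        # Windows paths and registry keys are case-insensitive.
        key = (kind, target.lower())
        entry = entries.setdefault(
            key, {"kind": kind, "target": target, "outcomes": []}
        )
        entry["outcomes"].append(outcome)
    return entries


def summarize(text):
    """Split targets into removed and never-found, and count repeat lines."""
    removed, absent, repeats = [], [], 0
    for entry in parse_fix_log(text).values():
        outcomes = entry["outcomes"]
        if any(o in SUCCESS for o in outcomes):
            removed.append(entry["target"])
            # "not found" lines for a target that was removed at some point
            # are repeated fix entries, not failures.
            repeats += sum(1 for o in outcomes if o == "not found")
        else:
            # Every attempt reported "not found": nothing was changed.
            absent.append(entry["target"])
    return {"removed": removed, "absent": absent, "repeats": repeats}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Removed or moved:")
    for target in result["removed"]:
        print("  ", target)
    print("Never found (nothing changed):")
    for target in result["absent"]:
        print("  ", target)
    print("Repeated 'not found' lines for removed targets:", result["repeats"])
```

Run against the full log, the "never found" list is the part worth a second look, since those entries were not touched by the fix.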

22.01.2011, 13:02   #13
ranjid

and here is the result from Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5570

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22.01.2011 13:01:01
mbam-log-2011-01-22 (13-01-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144366
Laufzeit: 20 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Does that mean the virus is gone?

22.01.2011, 14:07   #14
ranjid

Just now AntiVir reported again that it found Papras.AB.

Code:
Die Datei 'C:\System Volume Information\_restore{0111EB27-6CD3-4176-A2E4-F4511F0A8EBE}\RP221\A0302097.dll'
enthielt einen Virus oder unerwünschtes Programm 'BDS/Papras.AB' [backdoor].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f8d7126.qua' verschoben!
         



Why does it send me this message when Papras is already in quarantine? That is not quite clear to me.

22.01.2011, 15:49   #15
Swisstreasure
/// Malwareteam

Step 1

Quote:
Die Datei 'C:\System Volume Information\_restore.....
That is merely still in System Restore, in a safe environment. So don't worry, we will delete that at the end.

Step 2

ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Deactivate your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.

Step 3

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread
