Pests of all kinds and how to fight them: GVU Trojan on laptop (Windows Vista Basic)

16.09.2012, 09:31 | #1
GVU Trojan on laptop (Windows Vista Basic)

Hello everyone, it has got me too: I have caught the GVU Trojan on my computer. I can only boot into Safe Mode and get online from there; as soon as I start "normally" and an internet connection is available, the whole laptop is locked and I am asked to transfer money somewhere to unlock it. As described here in the forum, I downloaded Defogger and ran it as administrator. After starting it, only a window appears that says: "Defogger is a tool to disable CD Emulator Drivers that interfere with anti rootkit programs and other anti malware tools. If you are using this in conjunction with assistance from a Malware Removal Professional, please wait until they have finished assisting you before clicking re-enable". Below that I can click either "Disable" or "Reenable". I have clicked neither so far... In the next step I downloaded OTL, and here are the logs from the Quick Scan. One more thing up front: I am very grateful for your help, because I cannot get out of this on my own (being a computer illiterate...)

OTL Logfile: Code:
OTL logfile created on: 16.09.2012 10:06:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mary\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free
4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS
Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.16 09:57:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Downloads\OTL.exe
PRC - [2009.09.02 09:31:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012.09.16 09:43:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.30 06:55:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.05.06 20:04:36 | 000,412,736 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.05.06 20:04:36 | 000,379,968 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2008.09.27 20:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.02.15 01:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008.02.14 22:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.11 18:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 19:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.09.23 18:57:45 | 000,048,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.06.30 00:06:38 | 000,047,432 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2009.05.22 19:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.03.31 04:51:32 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.03 01:15:24 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2009.03.03 01:14:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.01.06 14:50:42 | 000,014,848 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.14 15:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.10 19:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.05.23 10:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcSearchScopes
IE - HKCU\..\SearchScopes\{6A961C9C-A095-4DF9-BC71-0D032D05D619}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_ptnrs=%5EABT&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mary\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 09:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.26 16:30:50 | 000,000,000 | ---D | M]

[2010.01.30 12:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Extensions
[2012.05.02 10:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}-trash
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash
[2010.08.10 17:35:46 | 000,000,873 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\rcpggznm.default\searchplugins\conduit.xml
[2012.04.05 16:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.19 10:08:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.16 09:43:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012.03.04 15:34:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[1999.12.31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.04.05 16:08:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 09:43:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.05 16:08:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.05 16:08:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.05 16:08:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.05 16:08:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mary\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5A7ABC-1A2C-4E00-A5FD-6A7C8FD46BE1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB0D7453-45E6-49BA-BA4A-13881045B694}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.26 19:32:10 | 000,000,305 | R--- | M] () - E:\AUTORUN.inf -- [ CDFS ]
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.02.16 15:30:30 | 000,103,816 | R--- | M] (CANON INC.)
O33 - MountPoints2\{0a1b8d23-a839-11df-b54c-002622079336}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\1\Command - "" = F:\.\recycled\info.exe
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.04 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Canon
[2012.09.04 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.09.04 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.09.04 21:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon SELPHY CP800
[2012.09.04 21:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonCP
[2012.09.04 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2012.09.02 20:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.08.30 06:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.08.30 06:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.08.30 06:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.26 16:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\ICAClient
[2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Citrix
[2012.08.26 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012.08.26 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Juniper Networks

========== Files - Modified Within 30 Days ==========

[2012.09.16 09:48:34 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 09:48:34 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 09:48:34 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 09:48:34 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 09:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 12:51:55 | 000,001,356 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.09.15 12:31:37 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 12:28:48 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.09.14 09:45:21 | 000,001,728 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.14 09:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job
[2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job
[2012.09.04 21:52:02 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.09.04 21:51:03 | 000,000,010 | ---- | M] () -- C:\Windows\WININIT.INI
[2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2012.09.14 09:45:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.14 09:45:21 | 000,001,728 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.04 21:52:02 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.09.04 21:51:03 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.25 20:04:14 | 000,000,147 | ---- | C] () -- C:\Users\Mary\GO-Conference.ini
[2012.03.30 16:25:44 | 000,001,356 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012.01.28 12:14:17 | 000,000,503 | ---- | C] () --
C:\Windows\wiso.ini [2011.09.13 11:07:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.09.13 11:07:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.09.13 11:07:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.09.13 11:07:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.09.13 11:07:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.09.13 11:07:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.09.13 11:07:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.09.13 11:07:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.09.13 11:07:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.09.13 11:07:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.09.13 11:07:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.09.13 11:07:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.09.13 11:07:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.09.13 11:07:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.09.13 11:07:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.03.07 16:37:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.05 18:05:05 | 000,052,736 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2010.01.30 12:43:03 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml ========== LOP Check ========== [2012.01.28 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Buhl Data Service [2012.09.04 22:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon [2012.09.15 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Dropbox [2010.08.10 08:56:46 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.30 12:42:13 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EasyCapture [2012.07.16 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EndNote [2012.04.05 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EPSON [2012.08.30 06:59:20 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ICAClient [2010.02.06 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\InterVideo [2012.08.26 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Juniper Networks [2011.07.17 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ProtectDisc [2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job [2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job [2012.09.14 09:59:27 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und das extras:OTL Logfile: Code:
OTL Extras logfile created on: 16.09.2012 10:06:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mary\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free
4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS
Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EA9C946-10F6-4A8C-B04B-AF90B47AAB7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2032AFFE-A0DA-4770-BC69-B059C0FB5789}" = lport=138 | protocol=17 | dir=in | app=system |
"{59788A46-BC27-4A8A-AFF4-1968420A5E94}" = rport=138 | protocol=17 | dir=out | app=system |
"{C777B5C4-4F0A-4D7C-838B-1D007AC51150}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA9EE86A-1BFE-4E33-853A-A0EC896C43B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC3E6570-D4D5-4D3A-B586-9953D18DFE4E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3424B99-B790-4F02-A2B3-BD7E19660778}" = rport=139 | protocol=6 | dir=out | app=system |
"{D58170DC-D20E-473C-98F6-B2B30A0670C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{D93A9B57-2E14-490C-9C7F-ECF5297A5643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0BAABA7-CA91-4663-86DF-22E9D241AA02}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0153398D-C46C-4C00-A63B-8F49B06B9022}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0E8CE467-5519-47C5-9D86-3E94CC21ABD9}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{15D49E45-F916-4197-8EA0-5249FD9C884C}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{1F9EEF11-F94A-46A9-A8F5-AA9AA5AB241D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2D748D13-62D7-4404-90F5-8601F060D911}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{2E77DAA5-15C6-40FA-A791-CCAD8EFC1B44}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{3078F19F-13E7-4C94-8751-51168860CEE5}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{38FA975E-65DD-4F5B-A6EE-BFFFFC8D9EF7}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |
"{438DB66F-4394-4CA3-BF0C-2D8E737E526B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A521222-1A90-4D3E-B613-C3BE7DE42D39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4DFAFB8D-31FF-42BD-AF45-B804913A8D24}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{57EDD7F0-4E0D-4E69-94BB-D0F3FD0978B6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{599AF7FC-0E78-47BF-A1AE-2E2D1804071C}" = dir=in | app=c:\users\mary\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5B11DD1A-4ABA-4216-BFDD-38210C168744}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{5C109361-9364-4800-8BF8-C4F15314F36D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5DEAA9DB-B306-459A-8C02-D693448AD076}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{761D9509-84A3-4D99-A122-5833D4AD6C18}" = dir=in | app=c:\program files\lenovo\readycomm\threegservice.exe |
"{7A6D67D0-D421-487A-9926-806AE139BD46}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{85E72C0C-5B1C-450E-919B-ABC0435BAA0C}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{93258E1A-4660-4E3D-B2D0-E2C445E73FCD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9932DEE5-DF8F-45C9-9B7B-C3A1EDA703B6}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{AF736150-591C-47CD-AE79-169A564CAA62}" = dir=out | app=c:\program files\lenovo\readycomm\threegservice.exe |
"{C4B62770-4035-4D78-8976-3E481FEEDB09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C56CBA85-0900-4259-937B-C7FE9BD173C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CF87CA75-8995-4225-A2FA-05F433E5C6D0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{DF96C1FF-68C0-479E-84A0-E8C555F2BDB1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{E0EBFBA3-18B5-4B16-B496-7714AE3E010B}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |
"{E4A70759-4310-4B5A-B3F4-E8C0247FD951}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{E75C79B0-CA96-41B2-833E-A75CFC003FAB}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{EACEB393-ADBA-431E-8B47-ADBD6BC61ABA}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{FD2D392E-57A8-45D8-BCC7-9EDABA03ABB7}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{FFD19868-D64D-46DB-A77C-CC1CECDB6BCC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5.0
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon SELPHY CP800" = Canon SELPHY CP800
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EasyCapture3.5" = EasyCapture
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SELPHY Photo Print" = Canon Utilities SELPHY Photo Print
"SELPHY Print Contents 110" = Canon Utilities SELPHY Print Contents 1.1.0
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.07.2012 10:18:35 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9142

Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10375

Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10375

Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12309

Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12309

Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13526

Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13526

[ System Events ]
Error - 15.09.2012 15:14:40 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15.09.2012 15:19:55 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 16.09.2012 03:43:26 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 16.09.2012 03:43:28 | Computer Name = Mary-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 16.09.2012 03:43:34 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 16.09.2012 03:43:37 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description =

Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Almost forgot: this is what the quick scan with Malwarebytes produced:

Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Database version: v2012.09.16.04

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
Mary :: MARY-PC [Administrator]

16.09.2012 12:28:14
mbam-log-2012-09-16 (12-33-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186799
Time elapsed: 4 minute(s), 31 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|osidfjklsdw.exe (Trojan.SpyEyes) -> Data: C:\osidfjklsdw\osidfjklsdw.exe -> No action taken.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 2
C:\osidfjklsdw (Trojan.SpyEyes) -> No action taken.
C:\skhfushjfls (Trojan.SpyEyes) -> No action taken.

Files detected: 5
C:\Users\Mary\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Backdoor.Bot) -> No action taken.
C:\Users\Mary\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> No action taken.
C:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> No action taken.
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.
C:\skhfushjfls\config.bin (Trojan.SpyEyes) -> No action taken.

(end)
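Reading the two logs above side by side is where the actual triage happens, so here is an added example of doing it mechanically. This is not code from the original post, from OTL or from Malwarebytes; the sample lines are copied from the logs posted above, while the scoring rules (a "random-looking" name is one with five or more consecutive consonants, a Startup-folder shortcut created in the same second as such a file is treated as a loader/payload pair, and a MountPoints2 handler that chains RunDLL32 ShellExec_RunDLL to something under a removable drive's recycled folder is treated as an autorun-worm launcher) are this example's own assumptions. The point it makes: the scanner named the Startup shortcut ctfmon.lnk but not the 4.5 MB dsgsdgdsgdsgw.pad created in the very same second, and it said nothing about the MountPoints2 entries; timestamp correlation over the OTL file records surfaces both.

```python
"""Persistence triage over OTL and Malwarebytes log excerpts.

Added example for this thread; it is not code from OTL, Malwarebytes or the
forum's helper team. The sample lines are copied from the logs posted above;
the scoring rules and function names are this example's own assumptions.
"""
import re
from collections import defaultdict

# Sample OTL log lines (O4 Run values, O33 MountPoints2 autorun handlers and
# file-creation records), copied from the logs posted above.
OTL_LINES = r"""
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found
O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\1\Command - "" = F:\.\recycled\info.exe
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe
[2012.09.14 09:45:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.14 09:45:21 | 000,001,728 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
"""

# Sample Malwarebytes detections, copied from the quick scan posted above.
MBAM_LINES = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|osidfjklsdw.exe (Trojan.SpyEyes) -> Data: C:\osidfjklsdw\osidfjklsdw.exe -> No action taken.
C:\osidfjklsdw (Trojan.SpyEyes) -> No action taken.
C:\Users\Mary\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Backdoor.Bot) -> No action taken.
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.
"""

RE_O4 = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
RE_O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell(?:\\\S+)? - "" = (?P<cmd>.*)$')
RE_FILE = re.compile(r'^\[(?P<ts>[\d.]+ [\d:]+) \| [\d,]+ \| \S+ \| (?P<op>[CM])\] \([^)]*\) -- (?P<path>.*)$')
RE_MBAM = re.compile(r'^(?P<item>.+?) \([A-Za-z.]+\) -> ')
CONSONANT_RUN = re.compile(r'[b-df-hj-np-tv-z]{5,}')
STARTUP = '\\start menu\\programs\\startup\\'


def basename(path):
    return path.rstrip('\\').rsplit('\\', 1)[-1]


def looks_random(path):
    """Heuristic (an assumption of this example): five or more consecutive
    consonants in the file name, as in osidfjklsdw.exe or dsgsdgdsgdsgw.pad."""
    stem = basename(path).rsplit('.', 1)[0].lower()
    return bool(CONSONANT_RUN.search(stem))


def triage(otl_text, mbam_text):
    """Return a list of {'item', 'reason', 'known_to_mbam'} findings."""
    mbam_names = {basename(m['item']).split('|')[-1].lower()
                  for line in mbam_text.strip().splitlines() if (m := RE_MBAM.match(line))}
    findings = []
    created = defaultdict(list)                  # creation second -> paths created then
    for line in otl_text.strip().splitlines():
        if m := RE_O4.match(line):
            missing = m['rest'].endswith('File not found')
            target = re.sub(r'( File not found| \([^)]*\))$', '', m['rest'])
            reasons = []
            if looks_random(target):
                reasons.append('random-looking target name')
            if missing:
                reasons.append('target no longer on disk')
            if reasons:
                findings.append((m['hive'] + '\\...\\Run\\' + m['name'], ', '.join(reasons)))
        elif m := RE_O33.match(line):
            low = m['cmd'].lower()
            if 'shellexec_rundll' in low or '\\recycled\\' in low or '\\recycler\\' in low:
                findings.append(('MountPoints2\\' + m['guid'],
                                 'removable-media autorun launcher: ' + m['cmd']))
        elif (m := RE_FILE.match(line)) and m['op'] == 'C':
            created[m['ts']].append(m['path'])
    # A Startup-folder shortcut created in the same second as a random-named
    # file elsewhere is the loader/payload pair typical of screen lockers.
    for paths in created.values():
        lnks = [p for p in paths if STARTUP in p.lower() and p.lower().endswith('.lnk')]
        siblings = [p for p in paths if p not in lnks and looks_random(p)]
        for lnk in lnks:
            if siblings:
                findings.append((lnk, 'Startup shortcut created together with ' + ', '.join(siblings)))
                for p in siblings:
                    findings.append((p, 'created together with Startup shortcut ' + basename(lnk)))
    return [{'item': item, 'reason': reason,
             'known_to_mbam': basename(item).split('|')[-1].lower() in mbam_names}
            for item, reason in findings]


def not_yet_flagged(findings):
    """Items the triage raised that the scanner did not name."""
    return [f['item'] for f in findings if not f['known_to_mbam']]


if __name__ == '__main__':
    for f in triage(OTL_LINES, MBAM_LINES):
        print(('[MBAM] ' if f['known_to_mbam'] else '[new]  ') + f['item'] + ' :: ' + f['reason'])
```

Run as is, the script lists six findings; two are already named by Malwarebytes (the HKCU Run value and ctfmon.lnk), the other four (the orphaned Lenovo Unattend Run value, both MountPoints2 handlers for the {5ab1f319-...} volume and the .pad file) are not. The consonant-run rule is deliberately crude; its job is to rank, not to convict, and the timestamp pairing is what actually ties the .pad file to the Startup shortcut.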
16.09.2012, 16:57 | #2
/// Helper team | GVU trojan on laptop (Windows Vista Basic)

The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 4 logs produced along the way into your next reply. If the OTL fix did not run through properly, do not continue; report it instead.

Step 1: Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSearchScopes
IE - HKCU\..\SearchScopes\{6A961C9C-A095-4DF9-BC71-0D032D05D619}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost;*.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_ptnrs=%5EABT&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found
O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.26 19:32:10 | 000,000,305 | R--- | M] () - E:\AUTORUN.inf -- [ CDFS ]
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.02.16 15:30:30 | 000,103,816 | R--- | M] (CANON INC.)
O33 - MountPoints2\{0a1b8d23-a839-11df-b54c-002622079336}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe
[2012.09.15 12:31:37 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.14 09:45:21 | 000,001,728 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.10 17:35:46 | 000,000,873 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\rcpggznm.default\searchplugins\conduit.xml
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Mary\*.tmp
C:\Users\Mary\AppData\Local\{*}
C:\Users\Mary\AppData\Local\Temp\*.exe
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!

Step 2

Please run a full scan with Malwarebytes Anti-Malware and post the log.

then:

Step 3

Please download AdwCleaner to your desktop.

Step 4
__________________ |
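To make the signals in an OTL fix script like the one above concrete, here is an added Python triage helper (example code, not part of this thread and not OTL's own tooling): it parses O4 Run entries, O33 MountPoints2 autorun commands and OTL file-listing lines and flags the patterns a helper reads them for, such as Run values pointing at missing files, targets in non-standard top-level folders with machine-generated names, removable-media autoruns that go through rundll32 or a "recycled" folder, and Startup-folder items. The severity ratings and the random-name heuristic are my assumptions, and the sample lines are constructed here (their paths mirror the ones quoted in the thread).

```python
# Added example for the thread above; the heuristics, severities and sample
# lines are assumptions made here, not output or rules of OTL itself.
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's line format (paths mirror the thread's entries).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found
O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
[2012.09.15 12:31:37 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.14 09:45:21 | 000,001,728 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
FILE_RE = re.compile(r'^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-\w]{4}) \| M\] \((?P<vendor>[^)]*)\) -- (?P<path>.*)$')

# Top-level folders on the system drive where legitimate autorun targets live.
STANDARD_TOP = {"program files", "program files (x86)", "programme", "windows", "users", "programdata"}
STARTUP_MARK = "\\start menu\\programs\\startup\\"
SEV_RANK = {"medium": 1, "high": 2}


@dataclass
class Finding:
    severity: str
    reasons: List[str]
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as osidfjklsdw: long, all lower-case,
    letters only and vowel-poor. Short or mixed-case names are never flagged."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.25


def split_target(rest: str):
    """Text after '[name]' on an O4 line -> (target path, orphaned?). OTL appends
    'File not found' when the target is missing and '(Vendor)' when it exists."""
    orphaned = rest.endswith("File not found")
    if orphaned:
        rest = rest[: -len("File not found")].rstrip()
    return re.sub(r"\s*\([^)]*\)$", "", rest), orphaned


def target_reasons(path: str) -> List[str]:
    """Path-based reasons to rate an autorun target or listed file as high severity."""
    parts = [p for p in path.split("\\") if p]
    reasons = []
    if len(parts) >= 3 and parts[0].endswith(":") and parts[1].lower() not in STANDARD_TOP:
        reasons.append("target lives in the non-standard top-level folder %s\\%s" % (parts[0], parts[1]))
    if parts and looks_random(parts[-1].rsplit(".", 1)[0]):
        reasons.append("file name %s looks machine-generated" % parts[-1])
    return reasons


def triage(log_text: str) -> List[Finding]:
    """One Finding per suspicious line; its severity is the highest of its reasons."""
    findings = []
    for raw in log_text.splitlines():
        line, hits = raw.strip(), []
        m = O4_RE.match(line)
        if m:
            path, orphaned = split_target(m.group("rest"))
            if not m.group("name"):
                hits.append(("medium", "Run value with an empty name"))
            if orphaned:
                hits.append(("medium", "Run value points to a file that no longer exists"))
            hits += [("high", r) for r in target_reasons(path)]
        m = O33_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if "rundll32" in cmd or "recycled" in cmd:
                hits.append(("high", "removable-media autorun goes through rundll32 or a 'recycled' folder"))
            else:
                hits.append(("medium", "removable-media autorun command for volume " + m.group("guid")))
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            parts = [p for p in path.split("\\") if p]
            if STARTUP_MARK in path.lower():
                hits.append(("high", "Startup-folder item runs at every logon; verify its target"))
            if len(parts) == 3 and parts[1].lower() == "programdata":
                hits.append(("medium", "file placed directly in C:\\ProgramData"))
            hits += [("high", r) for r in target_reasons(path)]
        if hits:
            severity = max((s for s, _ in hits), key=SEV_RANK.__getitem__)
            findings.append(Finding(severity, [r for _, r in hits], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.severity.upper(), f.line, "; ".join(f.reasons)))
```

Run it against a real OTL log by replacing SAMPLE_LOG with the file contents; the Ask updater line produces no finding because it sits under Program Files with an ordinary name, which is exactly why such PUP entries still need a manual look.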
16.09.2012, 18:40 | #3 |
Hello t#john,
thank you very much for the help. I'll get started on working through all the steps right away. First, the answer to your question: yes, I do online banking from this computer... is that bad?

Step 1:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A961C9C-A095-4DF9-BC71-0D032D05D619}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A961C9C-A095-4DF9-BC71-0D032D05D619}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 removed from extensions.enabledItems Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_ptnrs=%5EABT&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully. C:\Programme\Windows Live Toolbar\msntb.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Programme\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87} deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\osidfjklsdw.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. 
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. File move failed. E:\AUTORUN.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088b40d1-a860-11de-8a41-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088b40d1-a860-11de-8a41-806e6f6e6963}\ not found. File move failed. E:\setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a1b8d23-a839-11df-b54c-002622079336}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a1b8d23-a839-11df-b54c-002622079336}\ not found. File F:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bccc08b-ebed-11df-9757-002622079336}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bccc08b-ebed-11df-9757-002622079336}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ab1f319-f31e-11df-ac60-002622079336}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90552e2e-97bb-11df-86d1-002622079336}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90552e2e-97bb-11df-86d1-002622079336}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5bb0289-21ff-11df-ab2f-002622079336}\ not found. File F:\SamsungSoftware\APPInst.exe not found. C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. File C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully. 
C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\rcpggznm.default\searchplugins\conduit.xml moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. C:\ProgramData\Temp\{46F4D124-20E5-4D12-BE52-EC177A7A4B42} folder moved successfully. C:\ProgramData\Temp folder moved successfully. File\Folder C:\Users\Mary\*.tmp not found. File\Folder C:\Users\Mary\AppData\Local\{*} not found. File\Folder C:\Users\Mary\AppData\Local\Temp\*.exe not found. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. 
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. 
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. 
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Mary\Desktop\cmd.bat deleted successfully.
C:\Users\Mary\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mary
->Temp folder emptied: 348897 bytes
->Temporary Internet Files folder emptied: 2569697 bytes
->FireFox cache emptied: 53765421 bytes
->Flash cache emptied: 1326 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15168 bytes
RecycleBin emptied: 600064 bytes
Total Files Cleaned = 55,00 mb
OTL by OldTimer - Version 3.2.61.5 log created on 09162012_193742

Step 2: Malwarebytes SCAN: full scan BEFORE the OTL fix:

Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.09.16.04
Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Mary :: MARY-PC [Administrator]
16.09.2012 16:37:47
mbam-log-2012-09-16 (16-37-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326297
Laufzeit: 53 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|osidfjklsdw.exe (Trojan.SpyEyes) -> Daten: C:\osidfjklsdw\osidfjklsdw.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\osidfjklsdw (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\skhfushjfls (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 6
C:\Users\Mary\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Mary\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\65c7944d-5860a08e (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\skhfushjfls\config.bin (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Full scan AFTER the OTL fix:

Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.09.16.07
Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Mary :: MARY-PC [Administrator]
16.09.2012 19:48:14
mbam-log-2012-09-16 (19-48-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325926
Laufzeit: 52 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Mary\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Step 3: adwcleaner 1

# AdwCleaner v2.001 - Datei am 09/16/2012 um 20:50:30 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Benutzer : Mary - MARY-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Mary\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\Mary\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Mary\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\rcpggznm.default\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\rcpggznm.default\prefs.js

Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "10-8-2010");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gefunden : user_pref("CT2269050.FirstServerDate", "10-8-2010");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Aug 10 2010 17:35:47 GMT+0200");
Gefunden : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1281105247");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Aug 10 2010 17:35:45 GMT+0200");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2269050.Uninstall", true);
Gefunden : user_pref("CT2269050.UserID", "UN28741209982521887");
Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Tue Aug 10 2010 17:35:47 GMT+0200");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]

*************************

AdwCleaner[R1].txt - [9674 octets] - [16/09/2012 20:50:30]

########## EOF - C:\AdwCleaner[R1].txt - [9734 octets] ##########

Step 4: AdwCleaner 2

# AdwCleaner v2.001 - Datei am 09/16/2012 um 20:52:59 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Benutzer : Mary - MARY-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Mary\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Mary\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Mary\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\rcpggznm.default\Conduit
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\rcpggznm.default\prefs.js

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "10-8-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "10-8-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Aug 10 2010 17:35:47 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Aug 10 2010 17:35:46 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1281105247");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Aug 10 2010 17:35:45 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.Uninstall", true);
Gelöscht : user_pref("CT2269050.UserID", "UN28741209982521887");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue Aug 10 2010 17:35:47 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 10 2010 17:35:48 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]

*************************

AdwCleaner[R1].txt - [9803 octets] - [16/09/2012 20:50:30]
AdwCleaner[S1].txt - [10179 octets] - [16/09/2012 20:52:59]

########## EOF - C:\AdwCleaner[S1].txt - [10240 octets] ##########
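The AdwCleaner log above shows how toolbar adware leaves its tracks in the Firefox profile: dozens of user_pref() entries under the Conduit toolbar ID "CT2269050." and under the "CommunityToolbar." and "extensions.asktb." namespaces. The following script is an added example, not part of the thread and not AdwCleaner's own code; it parses a prefs.js, reports every preference that falls under those prefixes (taken from the log; any other toolbar ID is an assumption you would add yourself) and produces a cleaned copy with those lines dropped. The sample prefs.js content is constructed, modelled on the log entries with one legitimate preference mixed in.

```python
"""
Scan a Firefox prefs.js for leftover adware toolbar preferences.

Added example (not from the forum thread or AdwCleaner). It mirrors the check
reflected in the AdwCleaner log: every user_pref() whose name starts with a
known toolbar prefix is reported, and a cleaned prefs.js text is returned
with those lines removed. Run it from a clean system against a copied
prefs.js, never against the profile of a running Firefox.
"""
import re

# Prefixes taken from the AdwCleaner log above (Conduit toolbar ID CT2269050,
# the CommunityToolbar namespace and the Ask toolbar extension prefs).
ADWARE_PREFIXES = ("CT2269050.", "CommunityToolbar.", "extensions.asktb.")

# prefs.js lines look like:  user_pref("name", value);
# The value may be a quoted string, a number or a boolean.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return (name, raw_value) tuples for every user_pref line in the text."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def find_adware_prefs(text, prefixes=ADWARE_PREFIXES):
    """Names of preferences that belong to a known adware toolbar namespace."""
    return [name for name, _ in parse_prefs(text) if name.startswith(prefixes)]


def clean_prefs(text, prefixes=ADWARE_PREFIXES):
    """Return the prefs.js text with adware lines dropped; all other lines kept."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(prefixes):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample prefs.js content (URLs defanged as hxxp, as in the log).
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://www.google.de");
user_pref("CT2269050.CTID", "CT2269050");
user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM");
user_pref("CT2269050.FirstTime", true);
user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050");
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    for name in find_adware_prefs(SAMPLE_PREFS):
        print("Found :", name)
    print("--- cleaned prefs.js ---")
    print(clean_prefs(SAMPLE_PREFS), end="")
```

The prefix list is the whole "signature" here; a real tool keeps a maintained database of toolbar IDs, which is why AdwCleaner found the CT2269050 entries while a plain antivirus scan may not flag them at all. Note also that deleting prefs.js entries only removes the configuration: the toolbar's folders and registry keys listed in the same log are a separate cleanup step.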
18.09.2012, 01:57 | #4
/// Helfer-Team
Quote:
You should reinstall the computer from scratch.
Quote:
You have more than one serious infection on your computer. http://www.trojaner-board.de/56634-rootkits.html It is compromised and no longer trustworthy. You should change all your passwords from a clean system. I strongly recommend disconnecting the PC from the network and reinstalling it.
Guides for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
18.09.2012, 05:24 | #5
Oh dear... Well then: all accounts checked, nothing happened. Had everything blocked, all good. New passwords on the way. Then I'll reinstall the system.
Quote:
I'll need a bit of time for the reinstall; I'll get back to you here in this thread once I've got further with your instructions! MANY, MANY thanks for the help!!!!
19.09.2012, 16:55 | #6
/// Helfer-Team
All right
25.09.2012, 07:20 | #7
So, it took a while because I had to work a lot last week, but: done!!! The data to be kept is on an external hard drive. I formatted everything and reinstalled the computer with Windows 7. I installed Avira and ran it. It finds nothing. Now a few (perhaps unqualified, because I really understand very little of all the things I've done here step by step at your direction...) questions:
Question 1: Is my computer clean, good and trustworthy again?
Question 2: How can I check the data on the external hard drive? Just connect the drive to the freshly reinstalled laptop and then... run which program over it? Avira?
Question 3: I have installed Avira. Does it make sense to also install Malwarebytes on the computer and do a full scan with it once a month? Or is it better to just stick with one?
Question 4: Do I have to download and install the Windows service packs separately from somewhere, or are they already included automatically? (Windows Updates run automatically)
Again: many thanks for your support!!
27.09.2012, 13:34 | #8
/// Helfer-Team
Quote:
Java disabled? Disable Java because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html Then post me (copy and paste) what you get displayed here: http://tools.trojaner-board.de/plugincheck.html
Quote:
MBAM is a specialised scanner and gets along with an anti-virus scanner, unlike two anti-virus scanners side by side.
01.10.2012, 07:48 | #9
Good morning! On JAVA: I can't find any Java under chrome://plugins/. I think it hasn't been reinstalled yet... But I need Java to be able to work from home via Remote Desktop... Whenever I want to log in there (it works with a hardware token), the latest Java version has to be on the laptop... at least that's what the site I log in through says... (At least it said so before I reinstalled my computer. I haven't tried it again since...) - Can I install Java anyway? Or if I have installed it and then disable the plugin, can I still use it? (Sorry, I'm really not that clever about all of this....)
Quote:
Avira and Malwarebytes: both installed and no findings so far, neither on the external hard drive with my data nor on the freshly reinstalled laptop! -> Data back on the laptop! Windows 7: dutifully pulls updates all the time and installs them automatically! So it doesn't seem to look that bad, even if I can't really judge it... Again: a very big thank you for the help and support and the time you are taking for this!!