![]() |
|
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner auf Laptop (Windows Vista basic)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() GVU Trojaner auf Laptop (Windows Vista basic) Hallo zusammen, auch mich hats erwischt - ich habe mir den GVU Trojaner auf den Rechner geholt. ![]() Ich kann nur noch im abgesicherten Modus starten und ins Internet gehen, sobald ich "ganz normal" starte und eine Internetverbindung vorhanden ist, wird der komplette Laptop gesperrt und ich werde aufgefordert, Geld zum entsperren irgendwohin zu überweisen. Wie hier im Forum beschrieben, habe ich mir den Defogger herunter geladen und als Admin gestartet. Nach dem start kommt nur ein Fenster, in dem steht: "Defogger is a tool to disable CD Emulator Drivers that interfere with anti rootkit programs and other anti malware tools. If you are using this in conjunction with assistance from a Malware Removal Professional, please wait until they have finished assisting you before clicking re-enable". Darunter kann ich entweder "Disable" oder "Reenable" klicken. Habe mal weder noch geklickt... OTL habe ich im nächsten schritt herunter geladen, und hier sind die logs von dem Quick Scan. Vorneweg noch: ich bin für Eure Hilfe sehr dankbar, denn allein komm ich aus der Nummer nicht mehr raus (als Computer-analphabet...) OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.09.2012 10:06:44 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Mary\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free 4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.16 09:57:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Downloads\OTL.exe PRC - [2009.09.02 09:31:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security) SRV - [2012.09.16 09:43:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.30 06:55:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.05.06 20:04:36 | 000,412,736 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2009.05.06 20:04:36 | 000,379,968 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2008.09.27 20:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor) SRV - [2008.02.15 01:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter) SRV - [2008.02.14 22:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.11 18:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP) SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.04.14 19:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX) DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.04.25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.09.23 18:57:45 | 000,048,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm) DRV - [2009.06.30 00:06:38 | 000,047,432 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon) DRV - [2009.05.22 19:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2009.03.31 04:51:32 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.03.03 01:15:24 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou) DRV - [2009.03.03 01:14:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror) DRV - [2009.01.06 14:50:42 | 000,014,848 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.03.14 15:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.10 19:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) DRV - [2007.05.23 10:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcSearchScopes IE - HKCU\..\SearchScopes\{6A961C9C-A095-4DF9-BC71-0D032D05D619}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_ptnrs=%5EABT&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mary\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 09:43:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.26 16:30:50 | 000,000,000 | ---D | M] [2010.01.30 12:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Extensions [2012.05.02 10:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions [2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}-trash [2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash [2010.08.10 17:35:46 | 000,000,873 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\rcpggznm.default\searchplugins\conduit.xml [2012.04.05 16:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.19 10:08:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.16 09:43:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012.03.04 15:34:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [1999.12.31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012.04.05 16:08:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 09:43:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.05 16:08:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.05 16:08:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.05 16:08:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.05 16:08:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [Facebook Update] C:\Users\Mary\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5A7ABC-1A2C-4E00-A5FD-6A7C8FD46BE1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB0D7453-45E6-49BA-BA4A-13881045B694}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG O24 - Desktop BackupWallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.01.26 19:32:10 | 000,000,305 | R--- | M] () - E:\AUTORUN.inf -- [ CDFS ] O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.02.16 15:30:30 | 000,103,816 | R--- | M] (CANON INC.) O33 - MountPoints2\{0a1b8d23-a839-11df-b54c-002622079336}\Shell\AutoRun\command - "" = F:\Menu.exe O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell - "" = AutoRun O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\1\Command - "" = F:\.\recycled\info.exe O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell - "" = AutoRun O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.04 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Canon [2012.09.04 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2012.09.04 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2012.09.04 21:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon SELPHY CP800 [2012.09.04 21:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonCP [2012.09.04 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon [2012.09.02 20:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.08.30 06:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.08.30 06:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.08.30 06:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.08.26 16:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix [2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\ICAClient [2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Citrix [2012.08.26 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2012.08.26 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Juniper Networks ========== Files - Modified Within 30 Days ========== [2012.09.16 09:48:34 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.16 09:48:34 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.16 09:48:34 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.16 09:48:34 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.16 09:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.15 12:51:55 | 000,001,356 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat [2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.09.15 12:31:37 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.15 12:28:48 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo [2012.09.14 09:45:21 | 000,001,728 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.09.14 09:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job [2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job [2012.09.04 21:52:02 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk [2012.09.04 21:52:02 | 000,000,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk [2012.09.04 21:51:03 | 000,000,010 | ---- | M] () -- C:\Windows\WININIT.INI [2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ========== Files Created - No Company Name ========== [2012.09.14 09:45:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.14 09:45:21 | 000,001,728 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.09.04 21:52:02 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk [2012.09.04 21:52:02 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk [2012.09.04 21:51:03 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.25 20:04:14 | 000,000,147 | ---- | C] () -- C:\Users\Mary\GO-Conference.ini [2012.03.30 16:25:44 | 000,001,356 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat [2012.01.28 12:14:17 | 000,000,503 | ---- | C] () -- C:\Windows\wiso.ini [2011.09.13 11:07:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.09.13 11:07:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.09.13 11:07:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.09.13 11:07:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.09.13 11:07:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.09.13 11:07:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.09.13 11:07:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.09.13 11:07:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.09.13 11:07:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.09.13 11:07:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.09.13 11:07:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.09.13 11:07:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.09.13 11:07:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.09.13 11:07:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.09.13 11:07:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.03.07 16:37:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.05 18:05:05 | 000,052,736 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.30 12:43:03 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml ========== LOP Check ========== [2012.01.28 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Buhl Data Service [2012.09.04 22:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon [2012.09.15 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Dropbox [2010.08.10 08:56:46 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.30 12:42:13 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EasyCapture [2012.07.16 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EndNote [2012.04.05 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EPSON [2012.08.30 06:59:20 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ICAClient [2010.02.06 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\InterVideo [2012.08.26 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Juniper Networks [2011.07.17 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ProtectDisc [2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job [2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job [2012.09.14 09:59:27 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und das extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.09.2012 10:06:44 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Mary\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free 4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EA9C946-10F6-4A8C-B04B-AF90B47AAB7A}" = lport=137 | protocol=17 | dir=in | app=system | "{2032AFFE-A0DA-4770-BC69-B059C0FB5789}" = lport=138 | protocol=17 | dir=in | app=system | "{59788A46-BC27-4A8A-AFF4-1968420A5E94}" = rport=138 | protocol=17 | dir=out | app=system | "{C777B5C4-4F0A-4D7C-838B-1D007AC51150}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CA9EE86A-1BFE-4E33-853A-A0EC896C43B0}" = rport=137 | protocol=17 | dir=out | app=system | "{CC3E6570-D4D5-4D3A-B586-9953D18DFE4E}" = rport=445 | protocol=6 | dir=out | app=system | "{D3424B99-B790-4F02-A2B3-BD7E19660778}" = rport=139 | protocol=6 | dir=out | app=system | "{D58170DC-D20E-473C-98F6-B2B30A0670C2}" = lport=445 | protocol=6 | dir=in | app=system | "{D93A9B57-2E14-490C-9C7F-ECF5297A5643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E0BAABA7-CA91-4663-86DF-22E9D241AA02}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0153398D-C46C-4C00-A63B-8F49B06B9022}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0E8CE467-5519-47C5-9D86-3E94CC21ABD9}" = dir=out | app=c:\windows\system32\igrssvcs.exe | "{15D49E45-F916-4197-8EA0-5249FD9C884C}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | "{1F9EEF11-F94A-46A9-A8F5-AA9AA5AB241D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2D748D13-62D7-4404-90F5-8601F060D911}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | "{2E77DAA5-15C6-40FA-A791-CCAD8EFC1B44}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{3078F19F-13E7-4C94-8751-51168860CEE5}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | "{38FA975E-65DD-4F5B-A6EE-BFFFFC8D9EF7}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner.exe | "{438DB66F-4394-4CA3-BF0C-2D8E737E526B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4A521222-1A90-4D3E-B613-C3BE7DE42D39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4DFAFB8D-31FF-42BD-AF45-B804913A8D24}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | "{57EDD7F0-4E0D-4E69-94BB-D0F3FD0978B6}" = dir=in | app=c:\program files\itunes\itunes.exe | "{599AF7FC-0E78-47BF-A1AE-2E2D1804071C}" = dir=in | app=c:\users\mary\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5B11DD1A-4ABA-4216-BFDD-38210C168744}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{5C109361-9364-4800-8BF8-C4F15314F36D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5DEAA9DB-B306-459A-8C02-D693448AD076}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{761D9509-84A3-4D99-A122-5833D4AD6C18}" = dir=in | app=c:\program files\lenovo\readycomm\threegservice.exe | "{7A6D67D0-D421-487A-9926-806AE139BD46}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe | "{85E72C0C-5B1C-450E-919B-ABC0435BAA0C}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | "{93258E1A-4660-4E3D-B2D0-E2C445E73FCD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{9932DEE5-DF8F-45C9-9B7B-C3A1EDA703B6}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | "{AF736150-591C-47CD-AE79-169A564CAA62}" = dir=out | app=c:\program files\lenovo\readycomm\threegservice.exe | "{C4B62770-4035-4D78-8976-3E481FEEDB09}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C56CBA85-0900-4259-937B-C7FE9BD173C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CF87CA75-8995-4225-A2FA-05F433E5C6D0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{DF96C1FF-68C0-479E-84A0-E8C555F2BDB1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{E0EBFBA3-18B5-4B16-B496-7714AE3E010B}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner.exe | "{E4A70759-4310-4B5A-B3F4-E8C0247FD951}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{E75C79B0-CA96-41B2-833E-A75CFC003FAB}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | "{EACEB393-ADBA-431E-8B47-ADBD6BC61ABA}" = dir=in | app=c:\windows\system32\igrssvcs.exe | "{FD2D392E-57A8-45D8-BCC7-9EDABA03ABB7}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | "{FFD19868-D64D-46DB-A77C-CC1CECDB6BCC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5.0 "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV) "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX) "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AudibleDownloadManager" = Audible Download Manager "Avira AntiVir Desktop" = Avira Free Antivirus "Canon SELPHY CP800" = Canon SELPHY CP800 "CCleaner" = CCleaner "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "CNXT_AUDIO_HDA" = Conexant HD Audio "EasyCapture3.5" = EasyCapture "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "SELPHY Photo Print" = Canon Utilities SELPHY Photo Print "SELPHY Print Contents 110" = Canon Utilities SELPHY Print Contents 1.1.0 "TeamViewer 6" = TeamViewer 6 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "Windows Live Toolbar" = Windows Live Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.07.2012 10:18:35 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9142 Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10375 Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10375 Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12309 Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 12309 Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13526 Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13526 [ System Events ] Error - 15.09.2012 15:14:40 | Computer Name = Mary-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2012 15:19:55 | Computer Name = Mary-PC | Source = DCOM | ID = 10005 Description = Error - 16.09.2012 03:43:26 | Computer Name = Mary-PC | Source = DCOM | ID = 10005 Description = Error - 16.09.2012 03:43:28 | Computer Name = Mary-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 16.09.2012 03:43:34 | Computer Name = Mary-PC | Source = DCOM | ID = 10005 Description = Error - 16.09.2012 03:43:37 | Computer Name = Mary-PC | Source = DCOM | ID = 10005 Description = Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > ganz vergessen: das ergab der qickscan mit malwarebytes: Malwarebytes Anti-Malware 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.16.04 Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 7.0.6001.18000 Mary :: MARY-PC [Administrator] 16.09.2012 12:28:14 mbam-log-2012-09-16 (12-33-59).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 186799 Laufzeit: 4 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run|osidfjklsdw.exe (Trojan.SpyEyes) -> Daten: C:\osidfjklsdw\osidfjklsdw.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\osidfjklsdw (Trojan.SpyEyes) -> Keine Aktion durchgeführt. C:\skhfushjfls (Trojan.SpyEyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 5 C:\Users\Mary\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Backdoor.Bot) -> Keine Aktion durchgeführt. C:\Users\Mary\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt. C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. C:\skhfushjfls\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt. (Ende) |
Themen zu GVU Trojaner auf Laptop (Windows Vista basic) |
antivir, application/pdf:, avira, avira searchfree toolbar, backdoor.bot, bho, bonjour, canon, converter, desktop, error, excel, firefox, flash player, home, install.exe, lenovo, limited.com/facebook, malware, microsoft office 2003, mp3, office 2007, please wait, plug-in, pup.offerbundler.st, rootkit, security, software, starten, tracker, trojan.ransom.gen, trojan.spyeyes, usb 2.0, vista, wgsdgsdgdsgsd.exe, windows |