Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner auf Laptop (Windows Vista basic)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 16.09.2012, 09:31   #1
Mary_
 
GVU Trojaner auf Laptop (Windows Vista basic) - Standard

GVU Trojaner auf Laptop (Windows Vista basic)



Hallo zusammen,

auch mich hats erwischt - ich habe mir den GVU Trojaner auf den Rechner geholt.



Ich kann nur noch im abgesicherten Modus starten und ins Internet gehen, sobald ich "ganz normal" starte und eine Internetverbindung vorhanden ist, wird der komplette Laptop gesperrt und ich werde aufgefordert, Geld zum entsperren irgendwohin zu überweisen.

Wie hier im Forum beschrieben, habe ich mir den Defogger herunter geladen und als Admin gestartet. Nach dem start kommt nur ein Fenster, in dem steht:
"Defogger is a tool to disable CD Emulator Drivers that interfere with anti rootkit programs and other anti malware tools. If you are using this in conjunction with assistance from a Malware Removal Professional, please wait until they have finished assisting you before clicking re-enable". Darunter kann ich entweder "Disable" oder "Reenable" klicken.
Habe mal weder noch geklickt...

OTL habe ich im nächsten schritt herunter geladen, und hier sind die logs von dem Quick Scan.

Vorneweg noch: ich bin für Eure Hilfe sehr dankbar, denn allein komm ich aus der Nummer nicht mehr raus (als Computer-analphabet...)
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.09.2012 10:06:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mary\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free
4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS
Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 09:57:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Downloads\OTL.exe
PRC - [2009.09.02 09:31:19 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012.09.16 09:43:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.30 06:55:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.05.06 20:04:36 | 000,412,736 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.05.06 20:04:36 | 000,379,968 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2008.09.27 20:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.02.15 01:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008.02.14 22:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.11 18:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 19:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.09.23 18:57:45 | 000,048,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.06.30 00:06:38 | 000,047,432 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2009.05.22 19:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.03.31 04:51:32 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.03 01:15:24 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2009.03.03 01:14:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.01.06 14:50:42 | 000,014,848 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.14 15:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.10 19:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.05.23 10:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcSearchScopes
IE - HKCU\..\SearchScopes\{6A961C9C-A095-4DF9-BC71-0D032D05D619}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=237b4739-7609-4833-870d-08d6de0b6c2f&apn_ptnrs=%5EABT&apn_sauid=DEE47037-66CE-4D52-9CDC-E52CFF911BCE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mary\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 09:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.26 16:30:50 | 000,000,000 | ---D | M]
 
[2010.01.30 12:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Extensions
[2012.05.02 10:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}-trash
[2010.08.10 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\rcpggznm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash
[2010.08.10 17:35:46 | 000,000,873 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\rcpggznm.default\searchplugins\conduit.xml
[2012.04.05 16:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.19 10:08:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.16 09:43:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012.03.04 15:34:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[1999.12.31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.04.05 16:08:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 09:43:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.05 16:08:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.05 16:08:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.05 16:08:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.05 16:08:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mary\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [osidfjklsdw.exe] C:\osidfjklsdw\osidfjklsdw.exe File not found
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5A7ABC-1A2C-4E00-A5FD-6A7C8FD46BE1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB0D7453-45E6-49BA-BA4A-13881045B694}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mary\Pictures\Bilder\2011\Australien\DSCF1225.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.26 19:32:10 | 000,000,305 | R--- | M] () - E:\AUTORUN.inf -- [ CDFS ]
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{088b40d1-a860-11de-8a41-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.02.16 15:30:30 | 000,103,816 | R--- | M] (CANON INC.)
O33 - MountPoints2\{0a1b8d23-a839-11df-b54c-002622079336}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{1bccc08b-ebed-11df-9757-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\1\Command - "" = F:\.\recycled\info.exe
O33 - MountPoints2\{5ab1f319-f31e-11df-ac60-002622079336}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell - "" = AutoRun
O33 - MountPoints2\{90552e2e-97bb-11df-86d1-002622079336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d5bb0289-21ff-11df-ab2f-002622079336}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Canon
[2012.09.04 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.09.04 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.09.04 21:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon SELPHY CP800
[2012.09.04 21:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonCP
[2012.09.04 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2012.09.02 20:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.08.30 06:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.08.30 06:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.08.30 06:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.26 16:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\ICAClient
[2012.08.26 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Citrix
[2012.08.26 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012.08.26 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Juniper Networks
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 09:48:34 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 09:48:34 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 09:48:34 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 09:48:34 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 09:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 12:51:55 | 000,001,356 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.09.15 12:31:37 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 12:29:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 12:28:48 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.09.14 09:45:21 | 000,001,728 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.14 09:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job
[2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job
[2012.09.04 21:52:02 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.09.04 21:51:03 | 000,000,010 | ---- | M] () -- C:\Windows\WININIT.INI
[2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.09.02 20:38:35 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.14 09:45:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.14 09:45:21 | 000,001,728 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.04 21:52:02 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2012.09.04 21:52:02 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2012.09.04 21:51:03 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.08.30 06:55:39 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.25 20:04:14 | 000,000,147 | ---- | C] () -- C:\Users\Mary\GO-Conference.ini
[2012.03.30 16:25:44 | 000,001,356 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012.01.28 12:14:17 | 000,000,503 | ---- | C] () -- C:\Windows\wiso.ini
[2011.09.13 11:07:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.13 11:07:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.13 11:07:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.13 11:07:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.13 11:07:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.13 11:07:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.13 11:07:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.13 11:07:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.13 11:07:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.09.13 11:07:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.13 11:07:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.13 11:07:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.13 11:07:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.13 11:07:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.13 11:07:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.13 11:07:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.13 11:07:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.03.07 16:37:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.05 18:05:05 | 000,052,736 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.30 12:43:03 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== LOP Check ==========
 
[2012.01.28 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Buhl Data Service
[2012.09.04 22:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon
[2012.09.15 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Dropbox
[2010.08.10 08:56:46 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.30 12:42:13 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EasyCapture
[2012.07.16 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EndNote
[2012.04.05 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\EPSON
[2012.08.30 06:59:20 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ICAClient
[2010.02.06 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\InterVideo
[2012.08.26 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Juniper Networks
[2011.07.17 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ProtectDisc
[2012.09.15 12:32:12 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.09.04 22:13:01 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004Core.job
[2012.09.04 22:13:11 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2552987428-1641697541-463011221-1004UA.job
[2012.09.14 09:59:27 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


und das extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.09.2012 10:06:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mary\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 81,22% Memory free
4,15 Gb Paging File | 3,93 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 39,75 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 11,97 Gb Free Space | 40,99% Space Free | Partition Type: NTFS
Drive E: | 134,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EA9C946-10F6-4A8C-B04B-AF90B47AAB7A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2032AFFE-A0DA-4770-BC69-B059C0FB5789}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59788A46-BC27-4A8A-AFF4-1968420A5E94}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C777B5C4-4F0A-4D7C-838B-1D007AC51150}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CA9EE86A-1BFE-4E33-853A-A0EC896C43B0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC3E6570-D4D5-4D3A-B586-9953D18DFE4E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D3424B99-B790-4F02-A2B3-BD7E19660778}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D58170DC-D20E-473C-98F6-B2B30A0670C2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D93A9B57-2E14-490C-9C7F-ECF5297A5643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E0BAABA7-CA91-4663-86DF-22E9D241AA02}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0153398D-C46C-4C00-A63B-8F49B06B9022}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E8CE467-5519-47C5-9D86-3E94CC21ABD9}" = dir=out | app=c:\windows\system32\igrssvcs.exe | 
"{15D49E45-F916-4197-8EA0-5249FD9C884C}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{1F9EEF11-F94A-46A9-A8F5-AA9AA5AB241D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2D748D13-62D7-4404-90F5-8601F060D911}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{2E77DAA5-15C6-40FA-A791-CCAD8EFC1B44}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{3078F19F-13E7-4C94-8751-51168860CEE5}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{38FA975E-65DD-4F5B-A6EE-BFFFFC8D9EF7}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner.exe | 
"{438DB66F-4394-4CA3-BF0C-2D8E737E526B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A521222-1A90-4D3E-B613-C3BE7DE42D39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4DFAFB8D-31FF-42BD-AF45-B804913A8D24}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{57EDD7F0-4E0D-4E69-94BB-D0F3FD0978B6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{599AF7FC-0E78-47BF-A1AE-2E2D1804071C}" = dir=in | app=c:\users\mary\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{5B11DD1A-4ABA-4216-BFDD-38210C168744}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{5C109361-9364-4800-8BF8-C4F15314F36D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5DEAA9DB-B306-459A-8C02-D693448AD076}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{761D9509-84A3-4D99-A122-5833D4AD6C18}" = dir=in | app=c:\program files\lenovo\readycomm\threegservice.exe | 
"{7A6D67D0-D421-487A-9926-806AE139BD46}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe | 
"{85E72C0C-5B1C-450E-919B-ABC0435BAA0C}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | 
"{93258E1A-4660-4E3D-B2D0-E2C445E73FCD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9932DEE5-DF8F-45C9-9B7B-C3A1EDA703B6}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{AF736150-591C-47CD-AE79-169A564CAA62}" = dir=out | app=c:\program files\lenovo\readycomm\threegservice.exe | 
"{C4B62770-4035-4D78-8976-3E481FEEDB09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C56CBA85-0900-4259-937B-C7FE9BD173C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CF87CA75-8995-4225-A2FA-05F433E5C6D0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{DF96C1FF-68C0-479E-84A0-E8C555F2BDB1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E0EBFBA3-18B5-4B16-B496-7714AE3E010B}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner.exe | 
"{E4A70759-4310-4B5A-B3F4-E8C0247FD951}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{E75C79B0-CA96-41B2-833E-A75CFC003FAB}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{EACEB393-ADBA-431E-8B47-ADBD6BC61ABA}" = dir=in | app=c:\windows\system32\igrssvcs.exe | 
"{FD2D392E-57A8-45D8-BCC7-9EDABA03ABB7}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{FFD19868-D64D-46DB-A77C-CC1CECDB6BCC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5.0
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon SELPHY CP800" = Canon SELPHY CP800
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EasyCapture3.5" = EasyCapture
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SELPHY Photo Print" = Canon Utilities SELPHY Photo Print
"SELPHY Print Contents 110" = Canon Utilities SELPHY Print Contents 1.1.0
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Windows Live Toolbar" = Windows Live Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 10:18:35 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9142
 
Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10375
 
Error - 01.07.2012 10:18:37 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10375
 
Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12309
 
Error - 01.07.2012 10:18:39 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12309
 
Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13526
 
Error - 01.07.2012 10:18:40 | Computer Name = Mary-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13526
 
[ System Events ]
Error - 15.09.2012 15:14:40 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.09.2012 15:15:26 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.09.2012 15:19:55 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.09.2012 03:43:26 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.09.2012 03:43:28 | Computer Name = Mary-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 16.09.2012 03:43:34 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.09.2012 03:43:37 | Computer Name = Mary-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.09.2012 03:44:34 | Computer Name = Mary-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---
ganz vergessen:

das ergab der qickscan mit malwarebytes:

Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.16.04

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Mary :: MARY-PC [Administrator]

16.09.2012 12:28:14
mbam-log-2012-09-16 (12-33-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186799
Laufzeit: 4 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|osidfjklsdw.exe (Trojan.SpyEyes) -> Daten: C:\osidfjklsdw\osidfjklsdw.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\osidfjklsdw (Trojan.SpyEyes) -> Keine Aktion durchgeführt.
C:\skhfushjfls (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Users\Mary\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Users\Mary\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt.
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\skhfushjfls\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

(Ende)

 

Themen zu GVU Trojaner auf Laptop (Windows Vista basic)
antivir, application/pdf:, avira, avira searchfree toolbar, backdoor.bot, bho, bonjour, canon, converter, desktop, error, excel, firefox, flash player, home, install.exe, lenovo, limited.com/facebook, malware, microsoft office 2003, mp3, office 2007, please wait, plug-in, pup.offerbundler.st, rootkit, security, software, starten, tracker, trojan.ransom.gen, trojan.spyeyes, usb 2.0, vista, wgsdgsdgdsgsd.exe, windows




Ähnliche Themen: GVU Trojaner auf Laptop (Windows Vista basic)


  1. W.Vista Home basic mit Trojaner TR/Crypt.XPACK.Gen, Conduit/SearchProtect und Brantall infiziert, Probleme mit Avira und möglicherweise EMSI
    Log-Analyse und Auswertung - 21.05.2015 (33)
  2. Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit
    Log-Analyse und Auswertung - 22.02.2015 (37)
  3. Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen
    Log-Analyse und Auswertung - 04.11.2014 (3)
  4. Standrechner (Windows 7) und Laptop (Windows Vista SP2) infiziert - PUP Optional Frostwire TB
    Log-Analyse und Auswertung - 18.10.2014 (14)
  5. TR/Agent.131072.V - Fund von Antivir \Windows Vista Home Basic Service Pack 2
    Log-Analyse und Auswertung - 13.10.2013 (15)
  6. Windows Vista (Laptop) Gvu-Trojaner; vermutlich noch mehr
    Log-Analyse und Auswertung - 22.09.2013 (11)
  7. Vista 64bit Home Basic unbekanntes Benutzerkonto
    Alles rund um Windows - 18.08.2013 (1)
  8. Abstürze, totale Verlangsamung bei Windows Vista Home Basic mit Internet Explorer und anderen Browsern
    Log-Analyse und Auswertung - 18.08.2013 (1)
  9. Laptop mit Windows Vista (32bit) infiziert mit JS/Agent.480412 (BKA-Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (12)
  10. GVU Trojaner auf dem Laptop (Vista), Kaspersky Windows Unlocker brachte nichts
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (33)
  11. TR/Kazy - Trojaner in mehreren Varianten auf meinem Windows Vista Laptop
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (20)
  12. GVU 2.07 Trojaner auf Laptop Windows Vista
    Log-Analyse und Auswertung - 26.09.2012 (12)
  13. GVU-Trojaner auf Laptop (Windows Vista / 32bit System)
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (7)
  14. Trojaner auf alten Laptop mit Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (7)
  15. GEMA Trojaner, Laptop mit Windows Vista Service Pack 2,(5suxrt589cxuftg)
    Plagegeister aller Art und deren Bekämpfung - 05.12.2011 (6)
  16. Trojaner: Kazy.mekml.1. Windows Vista Basic
    Log-Analyse und Auswertung - 25.04.2011 (1)
  17. Probleme mit neuer Grafikkarte unter Vista Home Basic 32bit
    Alles rund um Windows - 11.01.2010 (1)

Zum Thema GVU Trojaner auf Laptop (Windows Vista basic) - Hallo zusammen, auch mich hats erwischt - ich habe mir den GVU Trojaner auf den Rechner geholt. Ich kann nur noch im abgesicherten Modus starten und ins Internet gehen, sobald - GVU Trojaner auf Laptop (Windows Vista basic)...
Archiv
Du betrachtest: GVU Trojaner auf Laptop (Windows Vista basic) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.