
Log Analysis and Evaluation: wgsdgsdgdsgsd.exe with screen lock


 
27.01.2013, 18:09   #1
corb
 

wgsdgsdgdsgsd.exe with screen lock



Hello,

two days ago I got a small emergency call from my father, who has apparently caught the GVU trojan with screen lock (despite MSE).

First I sent him a Desinfect DVD for some basic testing.

The result was as follows:

Code:
ATTFilter
Infizierte Datei	ggf. Datei in Archiv	Fund durch Avira	Fund durch Bitdefender		
					
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F74A503A-7270-0A62-539D-1D832363F9F6}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{792A3619-BFA3-D809-FBF2-61A2F6132C08}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5F054686-253D-BCB0-A72E-A17F85B31BFB}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F81405C0-4F2D-7632-4515-7FD3E6554729}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{CC13416D-8A12-1944-2350-F05AEED00781}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235					
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DA69F225-6739-3446-374A-7B9900A2B5F1}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{252771C9-BCBE-392E-601A-21B37E9B7E03}-wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F81405C0-4F2D-7632-4515-7FD3E6554729}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246		
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DA69F225-6739-3446-374A-7B9900A2B5F1}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246		
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{CC13416D-8A12-1944-2350-F05AEED00781}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246		
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5F054686-253D-BCB0-A72E-A17F85B31BFB}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246					
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F74A503A-7270-0A62-539D-1D832363F9F6}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246		
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{792A3619-BFA3-D809-FBF2-61A2F6132C08}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246		
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{252771C9-BCBE-392E-601A-21B37E9B7E03}-wgsdgsdgdsgsd.exe	(Quarantine-PE)		Trojan.Generic.KDZ.5246
/media/OS/Users/***/wgsdgsdgdsgsd.exe		TR/Rogue.kdz.5235	Trojan.Generic.KDZ.5246
/media/OS/$Recycle.Bin/S-1-5-21-786198017-444987732-4098480886-500/$RKSH4ES.exe		APPL/GetRightToGo.Gen5
/media/OS/Users/***/AppData/Local/Temp/ICReinstall/PDFCreatorSetup.exe		ADWARE/InstallCore.Gen	Gen:Variant.Graftor.47533
/media/OS/Users/***/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/ZL8RWBCS/spl[1].htm		JS/Expack.GO
/media/OS/Users/***/AppData/Local/Temp/36706676.Uninstall/Uninstall.exe		ADWARE/InstallCore.Gen	Gen:Variant.Graftor.47533
         
I deleted everything related to wgsdgsdgdsgsd.exe, as well as the wgsdgsdgdsgsd.pad from ProgramData.

Next up was MBAM, with the following Quick Scan result:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.27.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Administrator :: ***-PC [Administrator]

Schutz: Deaktiviert

27.01.2013 13:39:05
MBAM-log-2013-01-27 (13-53-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302870
Laufzeit: 13 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-21-786198017-444987732-4098480886-500\$RKSH4ES.exe (Trojan.Agent.STB) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)
         
I then killed $RKSH4ES.exe and avdrn.dat as well. A full MBAM scan after a reboot found nothing more.

OTL outputs the following:

OTL logfile:
Code:
ATTFilter
OTL logfile created on: 27.01.2013 15:45:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 65,67% Memory free
4,13 Gb Paging File | 3,65 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,96 Gb Total Space | 59,01 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,33 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.27 12:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.12.14 10:17:04 | 004,103,672 | ---- | M] (TeamViewer GmbH) -- c:\users\admini~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
PRC - [2012.12.14 10:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Users\ADMINI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2013.01.09 11:27:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.10 08:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006.12.12 17:50:18 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007.07.11 10:28:00 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.07.10 08:03:44 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.12.12 17:50:22 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.10.19 17:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006.10.19 17:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=142E2A23-AF55-4B3B-8409-67FFAB5A7414&apn_sauid=16AC715A-6F99-4DAB-A1BF-6930388BD620
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.21 09:51:23 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GBMPro7Agent] C:\Programme\Genie-Soft\GBMPro7\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-786198017-444987732-4098480886-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://www.netnews.cc/netfoto/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4E22C7-F818-432B-930C-FB193290FCA4}: DhcpNameServer = 192.168.168.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25af4c47-8095-11dc-91db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{25af4c47-8095-11dc-91db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.27 15:44:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.27 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.01.27 13:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.27 13:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.27 13:37:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.27 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.27 12:03:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013.01.27 11:32:07 | 000,000,000 | ---D | C] -- C:\andreas
[2013.01.22 22:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2013.01.22 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013.01.22 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.22 22:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.22 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Digital Editions
[2013.01.22 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Kobo
[2013.01.22 13:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2013.01.22 13:09:42 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2013.01.22 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 14:09:14 | 001,593,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.27 14:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 13:51:14 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013.01.27 13:31:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 13:31:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 12:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.26 12:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.26 11:44:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 11:25:37 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 10:37:04 | 000,646,794 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.23 10:37:04 | 000,611,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.23 10:37:04 | 000,134,956 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.23 10:37:04 | 000,110,824 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.22 22:18:21 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.22 13:10:04 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2013.01.20 16:45:13 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013.01.20 16:44:58 | 000,465,655 | ---- | M] () -- C:\ProgramData\1.jpg
[2013.01.12 11:45:22 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.27 13:51:14 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013.01.22 22:18:21 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.22 13:10:04 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2013.01.20 16:45:12 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013.01.20 16:44:48 | 000,465,655 | ---- | C] () -- C:\ProgramData\1.jpg
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.10.23 22:24:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.11 21:34:35 | 000,000,760 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\setup_ldm.iss
[2007.12.26 15:14:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.10.28 10:05:46 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.12 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\123 Free Solitaire
[2007.12.21 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service
[2007.12.20 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service GmbH
[2007.11.06 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bullzip
[2011.10.20 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2011.02.02 12:46:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
[2010.10.03 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2007.11.01 10:30:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Genie-soft
[2008.12.06 10:56:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2010.08.30 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\netdesigner
[2008.09.19 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScreenSeven
[2013.01.27 12:03:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2012.12.16 10:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
[2008.07.22 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\123 Free Solitaire
[2007.12.21 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2007.12.29 18:56:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bullzip
[2010.04.20 12:16:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.28 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.12.27 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2007.11.01 12:19:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Genie-soft
[2009.12.26 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jpg-Illuminator
[2009.02.28 16:53:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MahJong Suite
[2010.08.30 10:03:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\netdesigner
[2011.10.18 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2008.07.19 12:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\123 Free Solitaire
[2007.12.31 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2007.12.31 16:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2007.10.30 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bullzip
[2013.01.22 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2010.01.18 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.25 11:54:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.10.01 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\deltra Software GmbH
[2010.10.03 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.09.20 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gaijin Ent
[2007.10.31 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Genie-Soft
[2011.06.16 16:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2009.12.26 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jpg-Illuminator
[2009.07.26 13:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MahJong Suite
[2010.08.30 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\netdesigner
[2013.01.01 13:47:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.02.23 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
 
========== Purity Check ==========


< End of report >
         
--- --- ---



I'm still a bit worried about things like iKeyLFT2.dll, ezsidmv.dat..?

And here are the Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 27.01.2013 15:45:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 65,67% Memory free
4,13 Gb Paging File | 3,65 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,96 Gb Total Space | 59,01 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,33 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{277DC7C0-B5A0-4E52-99C1-3F9215776BF8}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{D1838976-F555-402C-91DB-F6988A8AB065}" = lport=5900 | protocol=6 | dir=in | name=vncserver | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C20638F-A577-4E29-8E7D-774C515792C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2EE891BC-22DC-4793-AA44-9F69DC5617BA}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{404F1309-9AA8-4684-B516-05FBD0A55B33}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{5AECA04E-AA54-421E-B357-99B3443EAE47}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{7436E428-B928-4D43-8344-13345BAF0CC6}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{850F63B9-A423-4F23-B5B2-AE95B1F4C3DA}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{8B02ADF8-3337-4751-825B-C1F291EC1D07}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{8D2E67B8-81D9-4B2C-A258-22657BD1FFAD}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{A4278DE6-3BD8-4AF2-98F9-9A7C743FAB4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C2D28943-4974-4597-899C-C8BAD2E8637B}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{C5D8E1E4-408B-43CD-9CF4-F1C51943BE16}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{C858A1B5-6CB9-4739-A2E5-145E5B1D5BF1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D69F1AD4-7084-4C24-A1DB-2259F660373A}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{E17A02BE-658F-4CA8-BFE9-532B68F95053}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{ECD540E4-939E-4733-A8E6-AF9E677AD2F1}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{F91160CE-DBAC-4C7F-A81C-F90CD8CACE58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0EC3F2BF-FF22-4476-BF4D-8105EE16FB64}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2B0E0DE6-81ED-49DA-B13B-35FEAA2F62F7}C:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{2EEC96AC-36E2-4931-B3AB-620212D6D5B0}C:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{6C9C05CB-F664-4848-B7F4-88B102EB337C}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe | 
"TCP Query User{D605B557-854D-422B-8E62-BADE29252ADB}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{E25B7669-7E68-4E05-AFE5-B6D6BCC5FA00}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{F57370EC-FFCD-4237-B558-DA94142F575A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2B38D052-1872-4835-9C46-F8843E46E13B}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe | 
"UDP Query User{3AD52C94-D0A1-4475-A8BF-EFBD75B289C9}C:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{41F747C9-C30F-49BF-B261-D8C508D5B620}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{707021FD-38AD-4174-9573-C81CFF108555}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{A4B338C3-2777-4213-9090-7FD900995F38}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{A6073B7E-AD27-4F1D-8392-FBC3E4DDBB26}C:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{E5965DC7-AB70-4BE4-A084-2788321E67C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}" = SmartSound Premiere Elements 10 Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17787BE3-4E5B-4D50-89BD-77E0C23B5C78}" = calibre
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5D338E26-0DA6-44E3-8D2E-61B63384B76E}" = Broadcom ASF Management Applications
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{700AF45E-6BE8-4850-B3D2-37E3971710FD}" = WISO Haushaltsbuch 2008
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4DEA2-5A69-4819-9BB2-BF3D540F9024}" = Adobe Premiere Elements 10
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C3EC469F-6296-42BF-B282-2EA2C6B80B06}" = BDE
"{CE1F2DF3-5836-4A27-A3FE-6717492DDE5E}" = PRE10STIInstaller
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{EA23FDC1-BD29-44E9-AB25-7E4EB53179D9}_is1" = Genie Backup Manager Pro 7.0
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"123 Free Solitaire" = 123 Free Solitaire
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"BDE" = BDE
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 3.0.0.352
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem100" = Adobe Premiere Elements 10
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Reisekostenabrechnung 3" = Reisekostenabrechnung 3
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"tvbrowser" = TV-Browser 3.1
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.1.11
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 05:40:12 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.01.2013 05:40:12 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.01.2013 08:33:57 | Computer Name = ***-PC | Source = ESENT | ID = 447
Description = Windows (2180) Windows: Ungültige Seitenverknüpfung (Fehler -338) 
in B-Struktur (Objekt-Id: 14, PgnoRoot: 259) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
 (333 => 5902, 0).
 
Error - 23.01.2013 13:41:38 | Computer Name = ***-PC | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description = 
 
Error - 26.01.2013 06:24:05 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.01.2013 05:54:51 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.01.2013 06:58:02 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.01.2013 07:00:45 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.01.2013 08:34:44 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.01.2013 09:09:26 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 27.01.2013 09:09:05 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.01.2013 09:09:05 | Computer Name = ***-PC | Source = LSM | ID = 1048
Description = 
 
Error - 27.01.2013 09:09:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.01.2013 09:09:26 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.01.2013 09:09:40 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.01.2013 09:10:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.01.2013 09:10:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.01.2013 09:28:23 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.01.2013 09:28:24 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.900.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
 werden. 
 
Error - 27.01.2013 10:44:33 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---



GMER gives the following:

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-27 16:51:25
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000051 ST316081 rev.3.AD 149,01GB
Running: f9fjbpnj.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fgloqpog.sys


---- Kernel code sections - GMER 2.0 ----

?  System32\drivers\qjtmecg.sys  Das System kann den angegebenen Pfad nicht finden. !

---- EOF - GMER 2.0 ----
         
And the AdwCleaner as well:

Code:
# AdwCleaner v2.109 - Datei am 27/01/2013 um 18:16:30 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Administrator - ***-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : D:\Tools\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\ADMINI~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Administrator\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\Software\TENCENT
Key Found : HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] The registry is clean.

*************************

AdwCleaner[R1].txt - [6509 octets] - [27/01/2013 18:16:30]

########## EOF - C:\AdwCleaner[R1].txt - [6569 octets] ##########
         
To my dismay I saw entries for the Ask Toolbar, out-of-date Java, and so on.
There is still a lot of uninstalling and updating ahead of me...
From now on it will only be FF/Opera with adblock and noscript.

What interests me first and foremost, though, is whether there is anything else I still need to remove.

I would be very grateful for your help.

Regards

Corb

Last edited by corb (27.01.2013 at 18:22)
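One way to answer the question the post ends with (which of these findings still matter) is to triage the AdwCleaner report by what each registry location actually does. The script below is an added example, not part of the thread and not AdwCleaner's own code: it parses the "Schlüssel Gefunden" / "Wert Gefunden" lines (German or English labels), sorts every hit into a persistence class, separating locations that load code (Run values, scheduled tasks, BHOs, IE toolbars and URL search hooks) from ones that are only installer or Add/Remove Programs bookkeeping, and correlates GUIDs across locations so that one component registered in three places shows up as one object. The substring rules and category labels are my own assumptions about each location's role; the embedded sample is a constructed excerpt of the log lines above.

```python
"""Triage an AdwCleaner "Key Found" / "Value Found" report by persistence class.

Added example (not from the forum post, not from AdwCleaner). The rules in
RULES are assumptions about what each registry location does on Windows.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a representative excerpt of the log lines in the post.
SAMPLE_LOG = r"""
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\Software\TENCENT
Schlüssel Gefunden : HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
"""

# Accept the German labels AdwCleaner printed here as well as the English ones.
LINE_RE = re.compile(r"^(?P<kind>Schlüssel|Key|Wert|Value)\s+(?:Gefunden|Found)\s*:\s*(?P<rest>.+?)\s*$")
VALUE_RE = re.compile(r"^(?P<key>.+?)\s*\[(?P<name>[^\]]*)\]$")   # "key [valuename]"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# (lower-cased path fragment, category label, does this location cause code to load?)
# Order matters: the first matching rule wins.
RULES: List[Tuple[str, str, bool]] = [
    ("\\currentversion\\run", "autostart value (runs at logon)", True),
    ("\\schedule\\taskcache\\tree\\", "scheduled task (runs on its trigger)", True),
    ("\\browser helper objects\\", "IE browser helper object (loaded by iexplore.exe)", True),
    ("\\urlsearchhooks", "IE URL search hook (loaded by iexplore.exe)", True),
    ("\\internet explorer\\toolbar", "IE toolbar registration (loaded by iexplore.exe)", True),
    ("\\searchscopes\\", "IE search provider (configuration only)", False),
    ("\\installer\\userdata\\", "MSI component/product metadata (no code)", False),
    ("\\currentversion\\uninstall\\", "Programs and Features entry (no code)", False),
]


@dataclass(frozen=True)
class Entry:
    kind: str              # "key" or "value"
    path: str              # registry key path as printed by AdwCleaner
    value: Optional[str]   # value name for "Value Found" lines, else None
    category: str
    executes: bool         # True if something at this location loads code


def classify(path: str) -> Tuple[str, bool]:
    """Map a registry key path to a persistence category (assumed rules above)."""
    lowered = path.lower()
    for needle, label, executes in RULES:
        if needle in lowered:
            return label, executes
    return "other vendor/configuration key", False


def parse_adwcleaner(text: str) -> List[Entry]:
    """Parse "Key/Value Found" lines; ignore everything else in the report."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind = "key" if m.group("kind") in ("Schlüssel", "Key") else "value"
        path, value = m.group("rest"), None
        if kind == "value":
            vm = VALUE_RE.match(path)
            if vm:
                path, value = vm.group("key"), vm.group("name")
        category, executes = classify(path)
        entries.append(Entry(kind, path, value, category, executes))
    return entries


def triage(text: str) -> Dict[str, List[Entry]]:
    """Group findings by category, code-loading locations first."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for e in parse_adwcleaner(text):
        groups[e.category].append(e)
    return dict(sorted(groups.items(), key=lambda kv: (not kv[1][0].executes, kv[0])))


def guid_locations(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map every GUID to each location referencing it, so one CLSID registered
    as BHO, toolbar and WebBrowser band is seen as a single component."""
    locs: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        where = e.path + (f" [{e.value}]" if e.value else "")
        for guid in GUID_RE.findall(where):
            locs[guid.upper()].append(where)
    return dict(locs)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"[{'RUNS CODE' if items[0].executes else 'metadata '}] {category}")
        for e in items:
            print("    " + e.path + (f" [{e.value}]" if e.value else ""))
    shared = {g: l for g, l in guid_locations(parse_adwcleaner(SAMPLE_LOG)).items() if len(l) > 1}
    for guid, places in shared.items():
        print(f"{guid} is registered in {len(places)} places:")
        for p in places:
            print("    " + p)
```

Run against the excerpt, the "RUNS CODE" groups are the Run value `ApnUpdater`, the scheduled task, the BHO, the two toolbar registrations and the URL search hook; the Installer, Uninstall, SearchScopes and vendor keys are leftovers that execute nothing by themselves. The GUID map shows `{D4027C7F-...}` wired in three places, so it is one toolbar component, not three separate problems. The script only classifies what the report says; whether the files those entries point to are still present has to be checked on the machine itself.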
