andiii01 | 17.11.2013 14:25 | Windows XP Cybercrime virus lock screen
Hello.
Since yesterday, after booting a PC, I get a lock screen from "Cybercrime".
When the PC is booted normally, the desktop is shown briefly and right after that the lock screen appears.
The PC cannot be started in any safe mode: neither in "Safe Mode", nor in "Safe Mode with Networking", nor in "Safe Mode with Command Prompt". Shortly after the logon screen the PC restarts by itself.
In the meantime I have booted with OTLPE and run a system scan. I am posting the logfile right along with this.
I ask for your support, as I no longer know what to do. Code:
OTL logfile created on: 11/17/2013 1:53:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68.36 Gb Total Space | 38.50 Gb Free Space | 56.32% Space Free | Partition Type: NTFS
Drive D: | 397.40 Gb Total Space | 368.22 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/11/16 07:23:24 | 000,176,640 | ---- | M] (Sato Corporation) [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\ghlb0w.dss -- (winmgmt)
SRV - [2013/02/04 10:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/11/01 08:50:38 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/10/26 05:54:48 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/18 15:11:34 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/04 06:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 06:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/16 03:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/08/19 06:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/02/28 10:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 10:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003/07/28 05:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/07/31 05:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/07/31 05:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/04/20 07:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 11:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 06:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 06:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/12 10:15:07 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2010/05/02 04:46:57 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2010/01/28 09:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/22 05:48:00 | 006,039,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 13:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/03 21:28:18 | 000,011,296 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/06/05 02:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/18 09:21:08 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2008/02/18 09:21:08 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2006/11/02 01:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\---_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\---_ON_C\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
IE - HKU\---_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.0.8
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.1.511
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/11/01 08:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 08:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/05/02 12:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/10/26 05:55:07 | 000,000,000 | ---D | M]
[2010/04/29 05:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\mozilla\Extensions
[2013/04/20 12:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\mozilla\Firefox\Profiles\2oob0hqh.default\extensions
[2010/12/25 10:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\mozilla\Firefox\Profiles\2oob0hqh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/03 08:20:48 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\mozilla\Firefox\Profiles\2oob0hqh.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011/12/27 07:45:46 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\Mozilla\Firefox\Profiles\2oob0hqh.default\searchplugins\conduit.xml
[2013/04/20 12:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/05/01 07:28:15 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/11/01 08:50:56 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2010/01/15 20:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/15 20:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/15 20:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/15 20:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/15 20:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\---_ON_C\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Corel Reminder] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\---_ON_C..\Run: [KiesAirMessage] File not found
O4 - HKU\---_ON_C..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\---_ON_C..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\---_ON_C..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\---_ON_C..\Run: [Reminder] C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - HKU\---_ON_C..\Run: [Sony PC Companion] C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Dokumente und Einstellungen\---\Startmenü\Programme\Autostart\w0blhg.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Philips Configo.lnk = C:\Programme\Philips\Configo\2.0.9.0\Configo.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\---_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\---_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 03:11:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{13d472ca-2e88-11e2-a359-b8e116aea87c}\Shell - "" = AutoRun
O33 - MountPoints2\{13d472ca-2e88-11e2-a359-b8e116aea87c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13d472ca-2e88-11e2-a359-b8e116aea87c}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{a78d401b-edba-11df-99d5-b1c4b1877b69}\Shell - "" = AutoRun
O33 - MountPoints2\{a78d401b-edba-11df-99d5-b1c4b1877b69}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a78d401b-edba-11df-99d5-b1c4b1877b69}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a78d4020-edba-11df-99d5-b1c4b1877b69}\Shell - "" = AutoRun
O33 - MountPoints2\{a78d4020-edba-11df-99d5-b1c4b1877b69}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a78d4020-edba-11df-99d5-b1c4b1877b69}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/11/16 15:36:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/11/16 15:30:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013/11/16 07:23:24 | 000,176,640 | ---- | C] (Sato Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ghlb0w.dss
[2013/10/20 06:00:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/20 06:00:48 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/20 05:59:43 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/20 05:59:43 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/20 05:59:43 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/20 05:59:43 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/08/21 14:21:05 | 094,954,360 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Programme\Kies_2.3.3.12085_7_5.exe
[2010/11/12 10:15:06 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[2010/05/02 05:32:29 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmmdm.sys
[2010/05/02 05:32:29 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmserd.sys
[2010/05/02 05:32:29 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmbus.sys
[2010/05/02 05:32:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\---\usbsermptxp.sys
[2010/05/02 05:32:29 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\---\usbsermpt.sys
[2010/05/02 05:32:29 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmmdfl.sys
[2010/05/02 05:32:29 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmcmnt.sys
[2010/05/02 05:32:29 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmwhnt.sys
[2010/05/02 05:32:29 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\---\mqdmcr.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/16 16:01:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/16 15:52:54 | 095,025,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.bxx
[2013/11/16 15:52:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.fvv
[2013/11/16 15:52:48 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/11/16 15:52:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/11/16 07:43:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/16 07:31:57 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/16 07:26:03 | 000,000,381 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.reg
[2013/11/16 07:23:29 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\---\Startmenü\Programme\Autostart\w0blhg.lnk
[2013/11/16 07:23:24 | 000,176,640 | ---- | M] (Sato Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ghlb0w.dss
[2013/11/06 13:47:16 | 000,031,467 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2013/11/06 13:47:01 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2013/10/27 06:07:11 | 000,242,744 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/10/27 04:28:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/27 04:12:31 | 000,427,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/20 06:30:15 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/10/20 06:30:15 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/20 06:30:15 | 000,081,756 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/10/20 06:30:15 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/20 06:28:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/16 07:24:50 | 000,000,381 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.reg
[2013/11/16 07:23:29 | 000,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\---\Startmenü\Programme\Autostart\w0blhg.lnk
[2013/11/16 07:23:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.fvv
[2013/11/16 07:23:27 | 095,025,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\w0blhg.bxx
[2013/10/27 06:07:11 | 000,242,744 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/09/15 04:59:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\barcode.INI
[2013/09/15 04:58:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\capture.ini
[2012/09/23 07:50:12 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\---\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012/08/28 03:04:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/08/28 03:04:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/08/28 03:04:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/08/28 03:04:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/08/28 03:04:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/04/09 04:36:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 07:58:40 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\---\Lieferant 1.wdb
[2011/09/12 08:06:36 | 000,000,291 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2011/05/01 07:28:03 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/01 07:28:03 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/01/13 16:01:52 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2010/05/31 11:43:48 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\---\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 11:31:23 | 000,000,105 | ---- | C] () -- C:\Dokumente und Einstellungen\---\default.pls
[2010/05/02 11:31:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/02 05:36:38 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2010/05/02 05:32:29 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\---\MCCI_MDM.INF
[2010/05/02 05:32:29 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\---\USB_MOT_BRIT.INF
[2010/05/02 05:32:29 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\---\USBMOT2000.INF
[2010/05/02 05:32:29 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\---\MCCI_BUS.INF
[2010/05/02 05:32:29 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\---\USBMOT2000XP.INF
[2010/05/02 05:32:29 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\---\USB_MOT_A1000.INF
[2010/05/02 05:32:29 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\---\USB_CMCS_2000.INF
[2010/05/02 05:32:29 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\---\MCCI_SDM.INF
[2010/05/02 05:14:44 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/05/02 05:12:50 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/05/02 04:46:57 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2010/05/02 04:43:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/29 05:14:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 05:10:40 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\---\.rnd
[2010/04/29 04:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/29 04:03:15 | 000,427,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 03:44:40 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/29 03:38:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/29 03:38:57 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/29 03:38:56 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/29 03:38:56 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/29 03:37:26 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/04/29 03:33:26 | 000,048,635 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/04/29 03:33:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/29 03:33:02 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/04/29 03:32:56 | 000,031,467 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/29 03:32:56 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/04/29 03:12:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 03:08:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/29 03:08:01 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2009/09/09 12:01:40 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/12/01 11:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/04/14 01:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 01:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,452,736 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 07:00:00 | 000,435,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,081,756 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 07:00:00 | 000,068,728 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/16 06:01:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000/10/16 06:01:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[1997/08/14 18:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
========== LOP Check ==========
[2012/03/18 15:28:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\Autodesk
[2010/09/21 09:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\Canon
[2010/08/12 08:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\HartlauerFotoService3
[2013/08/18 05:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\MAGIX
[2010/04/29 05:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\OpenOffice.org
[2013/11/16 07:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\PriceGong
[2013/08/21 14:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\Samsung
[2011/04/17 15:42:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\---\Anwendungsdaten\Sony
[2010/04/29 03:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ASUS OC Profiles
[2012/03/18 15:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2011/11/06 12:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2010/09/21 08:56:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2013/11/16 15:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2010/05/02 05:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2013/08/21 14:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012/03/18 05:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2013/11/16 15:52:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
< End of report >