wgsdgsdgdsgsd.exe with screen lock

Hello,
two days ago I got a small distress call from my father, who has apparently caught the GVU Trojan with screen lock (despite MSE).
I first sent him a Desinfect DVD for a basic check.
The result was the following:
Code:
Infizierte Datei | ggf. Datei in Archiv | Fund durch Avira | Fund durch Bitdefender
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F74A503A-7270-0A62-539D-1D832363F9F6}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{792A3619-BFA3-D809-FBF2-61A2F6132C08}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5F054686-253D-BCB0-A72E-A17F85B31BFB}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F81405C0-4F2D-7632-4515-7FD3E6554729}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{CC13416D-8A12-1944-2350-F05AEED00781}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DA69F225-6739-3446-374A-7B9900A2B5F1}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{252771C9-BCBE-392E-601A-21B37E9B7E03}-wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 |
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F81405C0-4F2D-7632-4515-7FD3E6554729}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DA69F225-6739-3446-374A-7B9900A2B5F1}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{CC13416D-8A12-1944-2350-F05AEED00781}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5F054686-253D-BCB0-A72E-A17F85B31BFB}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F74A503A-7270-0A62-539D-1D832363F9F6}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{792A3619-BFA3-D809-FBF2-61A2F6132C08}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{252771C9-BCBE-392E-601A-21B37E9B7E03}-wgsdgsdgdsgsd.exe | (Quarantine-PE) | | Trojan.Generic.KDZ.5246
/media/OS/Users/***/wgsdgsdgdsgsd.exe | | TR/Rogue.kdz.5235 | Trojan.Generic.KDZ.5246
/media/OS/$Recycle.Bin/S-1-5-21-786198017-444987732-4098480886-500/$RKSH4ES.exe | | APPL/GetRightToGo.Gen5 |
/media/OS/Users/***/AppData/Local/Temp/ICReinstall/PDFCreatorSetup.exe | | ADWARE/InstallCore.Gen | Gen:Variant.Graftor.47533
/media/OS/Users/***/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/ZL8RWBCS/spl[1].htm | | JS/Expack.GO |
/media/OS/Users/***/AppData/Local/Temp/36706676.Uninstall/Uninstall.exe | | ADWARE/InstallCore.Gen | Gen:Variant.Graftor.47533

I deleted everything relating to wgsdgsdgdsgsd.exe, as well as the wgsdgsdgdsgsd.pad from ProgramData.
Next up was MBAM, with the following result from the quick scan:
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.27.04
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Administrator :: ***-PC [Administrator]
Schutz: Deaktiviert
27.01.2013 13:39:05
MBAM-log-2013-01-27 (13-53-52).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302870
Laufzeit: 13 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-21-786198017-444987732-4098480886-500\$RKSH4ES.exe (Trojan.Agent.STB) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> Keine Aktion durchgeführt.
(Ende)

I then killed $RKSH4ES.exe and avdrn.dat as well. A full MBAM scan after a reboot turned up nothing more.
OTL spits out the following:
OTL Logfile:
Code:
OTL logfile created on: 27.01.2013 15:45:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 65,67% Memory free
4,13 Gb Paging File | 3,65 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,96 Gb Total Space | 59,01 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,33 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.27 12:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.12.14 10:17:04 | 004,103,672 | ---- | M] (TeamViewer GmbH) -- c:\users\admini~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
PRC - [2012.12.14 10:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Users\ADMINI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2013.01.09 11:27:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.10 08:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006.12.12 17:50:18 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007.07.11 10:28:00 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.07.10 08:03:44 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.12.12 17:50:22 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.10.19 17:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006.10.19 17:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=142E2A23-AF55-4B3B-8409-67FFAB5A7414&apn_sauid=16AC715A-6F99-4DAB-A1BF-6930388BD620
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.21 09:51:23 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-786198017-444987732-4098480886-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GBMPro7Agent] C:\Programme\Genie-Soft\GBMPro7\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-786198017-444987732-4098480886-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://www.netnews.cc/netfoto/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4E22C7-F818-432B-930C-FB193290FCA4}: DhcpNameServer = 192.168.168.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25af4c47-8095-11dc-91db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{25af4c47-8095-11dc-91db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.27 15:44:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.27 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.01.27 13:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.27 13:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.27 13:37:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.27 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.27 12:03:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013.01.27 11:32:07 | 000,000,000 | ---D | C] -- C:\andreas
[2013.01.22 22:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2013.01.22 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013.01.22 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.22 22:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.22 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Digital Editions
[2013.01.22 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Kobo
[2013.01.22 13:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2013.01.22 13:09:42 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2013.01.22 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
========== Files - Modified Within 30 Days ==========
[2013.01.27 14:09:14 | 001,593,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.27 14:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 13:51:14 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013.01.27 13:31:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 13:31:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 12:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.26 12:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.26 11:44:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 11:25:37 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 10:37:04 | 000,646,794 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.23 10:37:04 | 000,611,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.23 10:37:04 | 000,134,956 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.23 10:37:04 | 000,110,824 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.22 22:18:21 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.22 13:10:04 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2013.01.20 16:45:13 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013.01.20 16:44:58 | 000,465,655 | ---- | M] () -- C:\ProgramData\1.jpg
[2013.01.12 11:45:22 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
========== Files Created - No Company Name ==========
[2013.01.27 13:51:14 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013.01.22 22:18:21 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.22 13:10:04 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2013.01.20 16:45:12 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013.01.20 16:44:48 | 000,465,655 | ---- | C] () -- C:\ProgramData\1.jpg
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.10.23 22:24:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.11 21:34:35 | 000,000,760 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\setup_ldm.iss
[2007.12.26 15:14:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.10.28 10:05:46 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
========== ZeroAccess Check ==========
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.06.12 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\123 Free Solitaire
[2007.12.21 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service
[2007.12.20 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service GmbH
[2007.11.06 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bullzip
[2011.10.20 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2011.02.02 12:46:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
[2010.10.03 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2007.11.01 10:30:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Genie-soft
[2008.12.06 10:56:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2010.08.30 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\netdesigner
[2008.09.19 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScreenSeven
[2013.01.27 12:03:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2012.12.16 10:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
[2008.07.22 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\123 Free Solitaire
[2007.12.21 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2007.12.29 18:56:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bullzip
[2010.04.20 12:16:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.28 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.12.27 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2007.11.01 12:19:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Genie-soft
[2009.12.26 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jpg-Illuminator
[2009.02.28 16:53:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MahJong Suite
[2010.08.30 10:03:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\netdesigner
[2011.10.18 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2008.07.19 12:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\123 Free Solitaire
[2007.12.31 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2007.12.31 16:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2007.10.30 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bullzip
[2013.01.22 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2010.01.18 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.25 11:54:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.10.01 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\deltra Software GmbH
[2010.10.03 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.09.20 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gaijin Ent
[2007.10.31 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Genie-Soft
[2011.06.16 16:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2009.12.26 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jpg-Illuminator
[2009.07.26 13:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MahJong Suite
[2010.08.30 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\netdesigner
[2013.01.01 13:47:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.02.23 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
========== Purity Check ==========
< End of report > --- --- ---
I'm still a bit worried about things like iKeyLFT2.dll, ezsidmv.dat..?
And here are the Extras:
OTL Logfile: Code:
OTL Extras logfile created on: 27.01.2013 15:45:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 65,67% Memory free
4,13 Gb Paging File | 3,65 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,96 Gb Total Space | 59,01 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,33 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{277DC7C0-B5A0-4E52-99C1-3F9215776BF8}" = lport=3389 | protocol=6 | dir=in | app=system |
"{D1838976-F555-402C-91DB-F6988A8AB065}" = lport=5900 | protocol=6 | dir=in | name=vncserver |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C20638F-A577-4E29-8E7D-774C515792C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2EE891BC-22DC-4793-AA44-9F69DC5617BA}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{404F1309-9AA8-4684-B516-05FBD0A55B33}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{5AECA04E-AA54-421E-B357-99B3443EAE47}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{7436E428-B928-4D43-8344-13345BAF0CC6}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{850F63B9-A423-4F23-B5B2-AE95B1F4C3DA}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{8B02ADF8-3337-4751-825B-C1F291EC1D07}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{8D2E67B8-81D9-4B2C-A258-22657BD1FFAD}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{A4278DE6-3BD8-4AF2-98F9-9A7C743FAB4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2D28943-4974-4597-899C-C8BAD2E8637B}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{C5D8E1E4-408B-43CD-9CF4-F1C51943BE16}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"{C858A1B5-6CB9-4739-A2E5-145E5B1D5BF1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D69F1AD4-7084-4C24-A1DB-2259F660373A}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{E17A02BE-658F-4CA8-BFE9-532B68F95053}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{ECD540E4-939E-4733-A8E6-AF9E677AD2F1}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"{F91160CE-DBAC-4C7F-A81C-F90CD8CACE58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0EC3F2BF-FF22-4476-BF4D-8105EE16FB64}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2B0E0DE6-81ED-49DA-B13B-35FEAA2F62F7}C:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{2EEC96AC-36E2-4931-B3AB-620212D6D5B0}C:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{6C9C05CB-F664-4848-B7F4-88B102EB337C}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"TCP Query User{D605B557-854D-422B-8E62-BADE29252ADB}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"TCP Query User{E25B7669-7E68-4E05-AFE5-B6D6BCC5FA00}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F57370EC-FFCD-4237-B558-DA94142F575A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2B38D052-1872-4835-9C46-F8843E46E13B}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"UDP Query User{3AD52C94-D0A1-4475-A8BF-EFBD75B289C9}C:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{41F747C9-C30F-49BF-B261-D8C508D5B620}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"UDP Query User{707021FD-38AD-4174-9573-C81CFF108555}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A4B338C3-2777-4213-9090-7FD900995F38}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A6073B7E-AD27-4F1D-8392-FBC3E4DDBB26}C:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{E5965DC7-AB70-4BE4-A084-2788321E67C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}" = SmartSound Premiere Elements 10 Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17787BE3-4E5B-4D50-89BD-77E0C23B5C78}" = calibre
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5D338E26-0DA6-44E3-8D2E-61B63384B76E}" = Broadcom ASF Management Applications
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{700AF45E-6BE8-4850-B3D2-37E3971710FD}" = WISO Haushaltsbuch 2008
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4DEA2-5A69-4819-9BB2-BF3D540F9024}" = Adobe Premiere Elements 10
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C3EC469F-6296-42BF-B282-2EA2C6B80B06}" = BDE
"{CE1F2DF3-5836-4A27-A3FE-6717492DDE5E}" = PRE10STIInstaller
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{EA23FDC1-BD29-44E9-AB25-7E4EB53179D9}_is1" = Genie Backup Manager Pro 7.0
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"123 Free Solitaire" = 123 Free Solitaire
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"BDE" = BDE
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 3.0.0.352
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem100" = Adobe Premiere Elements 10
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Reisekostenabrechnung 3" = Reisekostenabrechnung 3
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"tvbrowser" = TV-Browser 3.1
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.1.11
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-786198017-444987732-4098480886-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.01.2013 05:40:12 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.01.2013 05:40:12 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.01.2013 08:33:57 | Computer Name = ***-PC | Source = ESENT | ID = 447
Description = Windows (2180) Windows: Ungültige Seitenverknüpfung (Fehler -338)
in B-Struktur (Objekt-Id: 14, PgnoRoot: 259) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
(333 => 5902, 0).
Error - 23.01.2013 13:41:38 | Computer Name = ***-PC | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =
Error - 26.01.2013 06:24:05 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2013 05:54:51 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2013 06:58:02 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2013 07:00:45 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2013 08:34:44 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2013 09:09:26 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 27.01.2013 09:09:05 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 27.01.2013 09:09:05 | Computer Name = ***-PC | Source = LSM | ID = 1048
Description =
Error - 27.01.2013 09:09:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 27.01.2013 09:09:26 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 27.01.2013 09:09:40 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 27.01.2013 09:10:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2013 09:10:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.01.2013 09:28:23 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 27.01.2013 09:28:24 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.143.900.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode:
0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
werden.
Error - 27.01.2013 10:44:33 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
< End of report > --- --- ---
GMER gives the following: Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-27 16:51:25
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000051 ST316081 rev.3.AD 149,01GB
Running: f9fjbpnj.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fgloqpog.sys
---- Kernel code sections - GMER 2.0 ----
? System32\drivers\qjtmecg.sys Das System kann den angegebenen Pfad nicht finden. !
---- EOF - GMER 2.0 ----
And the AdwCleaner: Code:
# AdwCleaner v2.109 - Datei am 27/01/2013 um 18:16:30 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Administrator - ***-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : D:\Tools\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\ADMINI~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Administrator\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\Software\TENCENT
Schlüssel Gefunden : HKU\S-1-5-21-786198017-444987732-4098480886-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [6509 octets] - [27/01/2013 18:16:30]
########## EOF - C:\AdwCleaner[R1].txt - [6569 octets] ##########
I was alarmed to see entries for the Ask Toolbar, outdated Java, etc.
There's still some uninstalling and updating ahead of me...
From now on it's FF/Opera only, with adblock and noscript.
But what I'm mainly interested in is whether there's anything else I need to remove.
I'd be very grateful for your help.
Regards
Corb