Trojaner-Board - Mail PW gestohlen, nach Passwortänderung hatte "Hacker" direkt wieder das PW

So hier sind nun die Logfiles.

OTL:
Code:
OTL logfile created on: 26.09.2012 17:57:42 - Run 1

OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Fr3D\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

15,99 Gb Total Physical Memory | 14,38 Gb Available Physical Memory | 89,90% Memory free

31,98 Gb Paging File | 30,38 Gb Available in Paging File | 95,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119,14 Gb Total Space | 75,61 Gb Free Space | 63,46% Space Free | Partition Type: NTFS

Drive D: | 1863,01 Gb Total Space | 344,85 Gb Free Space | 18,51% Space Free | Partition Type: NTFS

 

Computer Name: CORE_FR3D | User Name: Fr3D | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.26 17:43:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fr3D\Desktop\OTL.exe

PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.08.17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

PRC - [2007.04.09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.09.25 20:55:01 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.09.25 20:39:36 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)

SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.25 20:24:24 | 000,610,648 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012.09.25 20:24:24 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2012.09.25 20:24:24 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2012.06.08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.01 20:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007.04.12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)

DRV:64bit: - [2007.04.10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2007.04.10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)

DRV:64bit: - [2007.04.10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)

DRV:64bit: - [2007.04.10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV:64bit: - [2007.04.10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2007.04.10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2007.04.10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2007.04.10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2007.04.10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)

DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV:64bit: - [2007.04.10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV:64bit: - [2007.04.10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV:64bit: - [2007.04.10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 4A 70 62 49 9B CD 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: url_advisor@kaspersky.com:13.0.1.4190

FF - prefs.js..extensions.enabledAddons: virtual_keyboard@kaspersky.com:13.0.1.4190

FF - prefs.js..extensions.enabledAddons: content_blocker@kaspersky.com:13.0.1.4190

FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190

FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4190

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.25 20:17:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.25 20:17:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.25 20:17:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.25 20:17:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.25 20:17:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.25 20:33:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.09.25 20:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr3D\AppData\Roaming\mozilla\Extensions

[2012.09.25 21:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr3D\AppData\Roaming\mozilla\Firefox\Profiles\nd8pc5px.default\extensions

[2012.09.25 21:18:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Fr3D\AppData\Roaming\mozilla\firefox\profiles\nd8pc5px.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.09.25 20:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.25 20:17:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM

[2012.09.25 20:17:52 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM

[2012.09.25 20:17:53 | 000,000,000 | ---D | M] (Sicherer Zahlungsverkehr) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM

[2012.09.25 20:17:54 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM

[2012.09.25 20:17:54 | 000,000,000 | ---D | M] (Virtuelle Tastatur) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM

[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16DBD3C0-176E-4285-ABC1-C573C4622C8B}: DhcpNameServer = 192.168.2.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.26 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Malwarebytes

[2012.09.26 17:53:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.26 17:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.26 17:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.26 17:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.09.26 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.09.26 17:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.09.26 17:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2012.09.26 17:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

[2012.09.26 17:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager

[2012.09.26 17:43:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fr3D\Desktop\OTL.exe

[2012.09.26 17:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

[2012.09.26 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

[2012.09.26 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark

[2012.09.26 17:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\TCPView

[2012.09.26 17:36:14 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Leadertech

[2012.09.26 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\NVIDIA

[2012.09.26 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\Logitech

[2012.09.26 17:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2012.09.26 17:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012.09.26 17:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software

[2012.09.26 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Logitech

[2012.09.26 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Logishrd

[2012.09.26 17:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer

[2012.09.25 20:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012.09.25 20:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012.09.25 20:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012.09.25 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Macromedia

[2012.09.25 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\Macromedia

[2012.09.25 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Adobe

[2012.09.25 20:39:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012.09.25 20:39:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012.09.25 20:34:01 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Mozilla

[2012.09.25 20:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.09.25 20:28:45 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\Mozilla

[2012.09.25 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.09.25 20:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.09.25 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora

[2012.09.25 20:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012.09.25 20:19:25 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.09.25 20:19:25 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.09.25 20:19:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data

[2012.09.25 20:19:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data

[2012.09.25 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2012.09.25 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

[2012.09.25 20:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013

[2012.09.25 20:17:57 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll

[2012.09.25 20:17:53 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP

[2012.09.25 20:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012.09.25 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2012.09.25 20:17:50 | 000,610,648 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012.09.25 20:17:50 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys

[2012.09.25 20:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2012.09.25 20:14:46 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012.09.25 20:14:46 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012.09.25 20:14:46 | 000,000,000 | ---D | C] -- C:\temp

[2012.09.25 20:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012.09.25 20:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation

[2012.09.25 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2012.09.25 20:14:10 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012.09.25 20:12:39 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012.09.25 20:12:39 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Searches

[2012.09.25 20:12:39 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012.09.25 20:12:33 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Contacts

[2012.09.25 20:12:33 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Identities

[2012.09.25 20:12:32 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\VirtualStore

[2012.09.25 20:11:53 | 000,000,000 | --SD | C] -- C:\Users\Fr3D\AppData\Roaming\Microsoft

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Videos

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Saved Games

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Pictures

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Music

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Links

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Favorites

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Downloads

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Documents

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\Desktop

[2012.09.25 20:11:53 | 000,000,000 | R--D | C] -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Vorlagen

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\AppData\Local\Verlauf

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\AppData\Local\Temporary Internet Files

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Startmenü

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\SendTo

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Recent

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Netzwerkumgebung

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Lokale Einstellungen

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Documents\Eigene Videos

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Documents\Eigene Musik

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Eigene Dateien

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Documents\Eigene Bilder

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Druckumgebung

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Cookies

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\AppData\Local\Anwendungsdaten

[2012.09.25 20:11:53 | 000,000,000 | -HSD | C] -- C:\Users\Fr3D\Anwendungsdaten

[2012.09.25 20:11:53 | 000,000,000 | -H-D | C] -- C:\Users\Fr3D\AppData

[2012.09.25 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\Temp

[2012.09.25 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Local\Microsoft

[2012.09.25 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Fr3D\AppData\Roaming\Media Center Programs

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Recovery

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Programme

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente

[2012.09.25 20:11:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten

[2012.09.25 20:11:32 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012.09.25 20:06:41 | 000,000,000 | ---D | C] -- C:\Windows\CSC

[2012.09.25 20:06:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.26 17:56:09 | 000,000,000 | ---- | M] () -- C:\Users\Fr3D\defogger_reenable

[2012.09.26 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.26 17:43:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fr3D\Desktop\OTL.exe

[2012.09.26 17:43:12 | 000,050,477 | ---- | M] () -- C:\Users\Fr3D\Desktop\Defogger.exe

[2012.09.26 17:22:25 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.26 17:22:25 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.26 17:20:32 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.26 17:20:32 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.26 17:20:32 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.26 17:20:32 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.26 17:20:32 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.26 17:14:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.09.26 17:14:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.26 17:14:01 | 4287,975,422 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.25 21:25:41 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 21:25:41 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 21:25:41 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 21:25:41 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 21:25:41 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 21:15:03 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.09.25 20:26:07 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000000-00001102-00000004-20021102}.CDF

[2012.09.25 20:26:07 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000000-00001102-00000004-20021102}.BAK

[2012.09.25 20:24:24 | 000,610,648 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012.09.25 20:24:24 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys

[2012.09.25 20:24:24 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys

[2012.09.25 20:19:25 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012.09.25 20:19:25 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.09.25 20:09:58 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012.09.25 20:09:58 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.08.30 21:14:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012.08.30 21:14:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012.08.30 21:14:00 | 000,016,366 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2012.08.30 18:18:04 | 003,487,434 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

[2012.08.30 10:40:14 | 000,429,416 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.09.26 17:56:09 | 000,000,000 | ---- | C] () -- C:\Users\Fr3D\defogger_reenable

[2012.09.26 17:43:11 | 000,050,477 | ---- | C] () -- C:\Users\Fr3D\Desktop\Defogger.exe

[2012.09.26 17:38:06 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

[2012.09.25 20:39:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.25 20:33:59 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.09.25 20:26:01 | 004,958,588 | ---- | C] () -- C:\Windows\{00000006-00000000-00000000-00001102-00000004-20021102}.BAK

[2012.09.25 20:25:21 | 000,034,240 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 20:25:21 | 000,034,240 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 20:25:21 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXCtrlState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 20:25:21 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 20:25:21 | 000,011,564 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-00000004-20021102}.rfx

[2012.09.25 20:19:26 | 004,958,588 | ---- | C] () -- C:\Windows\{00000006-00000000-00000000-00001102-00000004-20021102}.CDF

[2012.09.25 20:19:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.09.25 20:14:52 | 003,487,434 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012.09.25 20:14:36 | 000,016,366 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2012.09.25 20:12:43 | 000,001,405 | ---- | C] () -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012.09.25 20:12:40 | 000,001,439 | ---- | C] () -- C:\Users\Fr3D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012.09.25 20:06:35 | 4287,975,422 | -HS- | C] () -- C:\hiberfil.sys

[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012.02.14 19:39:50 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.09.26 17:36:14 | 000,000,000 | ---D | M] -- C:\Users\Fr3D\AppData\Roaming\Leadertech

 
 ========== Purity Check ==========

 

 
 

< End of report >
Im Anhang befindet sich die Extras.txt und die Logfile von Malwarebytes.