
Log analysis and evaluation: Trojan "the computer has been blocked for violating the laws of the Republic of Austria"

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.08.2012, 12:47   #1
peter1983
 

Trojan "the computer has been blocked for violating the laws of the Republic of Austria"



Hello dear Trojaner-Board team,

I have caught a (presumably not entirely unknown) Trojan and have tried to follow the instructions as closely as possible.

Attached you will find all the recorded files, with a request for assistance. If you need any further data, please let me know.

Many thanks in advance.

Peter

10.08.2012, 12:50   #2
peter1983
 

Trojan "the computer has been blocked for violating the laws of the Republic of Austria"



OTL Logfile:
Code:
OTL logfile created on: 10.08.2012 12:48:25 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Andrea\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,80 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 60,91% Memory free
5,60 Gb Paging File | 4,36 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 84,14 Gb Free Space | 57,48% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 285,88 Gb Free Space | 89,54% Space Free | Partition Type: NTFS
 
Computer Name: STAN | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.10 12:24:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.01 21:10:03 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2011.03.01 21:10:02 | 004,216,320 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.05 08:40:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.04.27 16:30:24 | 000,079,360 | ---- | M] (UNIQA) -- C:\Programme\UNIQA\VIPService\VIPService.exe
PRC - [2005.05.04 01:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlservr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.03 15:16:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.20 19:37:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.02 15:46:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.01 22:03:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.03.01 21:10:03 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.05 08:40:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.04.27 16:30:24 | 000,079,360 | ---- | M] (UNIQA) [Auto | Running] -- C:\Programme\UNIQA\VIPService\VIPService.exe -- (VIPService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.05.04 01:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlservr.exe -- (MSSQL$BASICSYSTEMS)
SRV - [2005.05.03 23:50:28 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlagent.EXE -- (SQLAgent$BASICSYSTEMS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2011.04.17 10:20:36 | 000,036,584 | ---- | M] (6Ci) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WideUSB.sys -- (WideUSB)
DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2011.03.01 21:28:28 | 009,982,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.01 21:10:01 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.01.07 05:49:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 F3 BB CA 44 D8 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {4C6226A1-FCC4-4ACC-9833-904EED0AE13E}
IE - HKCU\..\SearchScopes\{4C6226A1-FCC4-4ACC-9833-904EED0AE13E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLD_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=ovYRtYjPRbP5LhGrfKX9FGxGUS4?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "SFT_de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "SFT_de3 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.18 16:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.10 08:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.20 19:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.10 08:28:32 | 000,000,000 | ---D | M]
 
[2011.10.29 16:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2011.10.29 16:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.06.16 08:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions
[2012.06.16 08:45:35 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.06.16 08:45:39 | 000,000,000 | ---D | M] (SFT_de3 Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}
[2012.06.10 23:06:28 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\ffxtlbr@babylon.com
[2011.08.04 10:31:00 | 000,000,917 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\daz3khsx.default\searchplugins\conduit.xml
[2011.04.15 18:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 23:06:27 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DAZ3KHSX.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.06.10 23:06:28 | 000,011,148 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DAZ3KHSX.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.06.20 19:38:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.20 19:37:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.10 23:05:40 | 000,002,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.20 19:37:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 19:37:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.15 09:48:20 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.20 19:37:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 19:37:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 19:37:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - homepage: Google
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SyncCenter] C:\Users\Andrea\AppData\Local\Microsoft\Windows\4871\SyncCenter.exe File not found
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E65C8FAC-DE51-4CAC-BFCB-EEA768E378F4}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d87c151c-3aa9-11e1-8718-e839df1eafde}\Shell - "" = AutoRun
O33 - MountPoints2\{d87c151c-3aa9-11e1-8718-e839df1eafde}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d87c1529-3aa9-11e1-8718-e839df1eafde}\Shell - "" = AutoRun
O33 - MountPoints2\{d87c1529-3aa9-11e1-8718-e839df1eafde}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.10 12:30:00 | 007,239,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andrea\Desktop\mbam-rules.exe
[2012.08.10 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Malwarebytes
[2012.08.10 12:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 12:25:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.10 12:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.10 12:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 12:25:16 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andrea\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.10 12:25:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.08.10 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\hellomoto
[2012.08.08 07:13:42 | 000,046,280 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\PSKMAD.sys
[2012.08.07 18:25:50 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Panda Security
[2012.08.07 18:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012.08.07 18:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.08.07 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.08.07 18:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.08.07 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.08.07 18:00:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINKNC.sys
[2012.07.13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProt.sys
[2012.07.13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProc.sys
[2012.07.13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINAflt.sys
[2012.07.13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINFile.sys
[2012.07.12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\NNSStrm.sys
[2011.07.27 13:35:03 | 058,370,688 | ---- | C] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote_4.4.2.4912.exe
[2011.06.28 12:30:57 | 002,021,872 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2011.04.15 18:44:34 | 012,420,392 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011.04.12 17:15:27 | 002,853,928 | ---- | C] (Bartels Media                                               ) -- C:\Program Files\phraseexpressversion6.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.10 12:52:43 | 000,015,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 12:52:43 | 000,015,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 12:52:13 | 000,680,546 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.10 12:52:13 | 000,636,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.10 12:52:13 | 000,141,492 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.10 12:52:13 | 000,115,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.10 12:47:02 | 000,000,000 | ---- | M] () -- C:\Users\Andrea\defogger_reenable
[2012.08.10 12:45:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.10 12:44:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 12:44:36 | 2255,867,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 12:33:44 | 000,050,477 | ---- | M] () -- C:\Users\Andrea\Desktop\Defogger.exe
[2012.08.10 12:29:26 | 007,239,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andrea\Desktop\mbam-rules.exe
[2012.08.10 12:25:50 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 12:24:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.08.10 12:22:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andrea\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.10 12:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 11:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.08 07:13:29 | 000,456,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.07 18:13:48 | 000,001,926 | ---- | M] () -- C:\Users\Andrea\Desktop\CrystalDiskInfo.lnk
[2012.08.07 13:36:54 | 000,000,156 | ---- | M] () -- C:\Windows\setscan.ini
[2012.08.07 12:41:31 | 000,500,974 | ---- | M] () -- C:\Users\Andrea\Desktop\ShowDocument.pdf
[2012.07.31 12:07:52 | 002,102,922 | ---- | M] () -- C:\Users\Andrea\Desktop\Befunfde Ohr und Hand.pdf
[2012.07.25 14:33:02 | 031,047,882 | ---- | M] () -- C:\NVAngebot.exe
[2012.07.25 10:45:12 | 000,059,904 | ---- | M] () -- C:\Users\Andrea\Desktop\Microsoft Office Publisher-Dokument (neu).pub
[2012.07.19 12:22:05 | 000,189,530 | ---- | M] () -- C:\Users\Andrea\Desktop\Gattinger Martina.pdf
[2012.07.19 11:52:50 | 000,027,514 | ---- | M] () -- C:\Users\Andrea\Desktop\5007d8e824a9b.pdf
[2012.07.18 15:24:13 | 000,218,102 | ---- | M] () -- C:\Users\Andrea\Desktop\12_04_19_plattform_KESt-Neu.pdf
[2012.07.18 14:02:15 | 000,468,732 | ---- | M] () -- C:\Users\Andrea\Desktop\9783486700923.fm.pdf
[2012.07.18 13:19:20 | 003,593,719 | ---- | M] () -- C:\Users\Andrea\Desktop\UBS-KeyInvest_1_2012.pdf
[2012.07.14 14:04:25 | 000,007,599 | ---- | M] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012.07.13 19:23:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINKNC.sys
[2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProt.sys
[2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProc.sys
[2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINAflt.sys
[2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINFile.sys
[2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\NNSStrm.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.10 12:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Andrea\defogger_reenable
[2012.08.10 12:34:28 | 000,050,477 | ---- | C] () -- C:\Users\Andrea\Desktop\Defogger.exe
[2012.08.10 12:25:50 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.07 18:13:48 | 000,001,926 | ---- | C] () -- C:\Users\Andrea\Desktop\CrystalDiskInfo.lnk
[2012.08.07 18:02:39 | 000,001,046 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.07 12:41:31 | 000,500,974 | ---- | C] () -- C:\Users\Andrea\Desktop\ShowDocument.pdf
[2012.07.31 12:07:52 | 002,102,922 | ---- | C] () -- C:\Users\Andrea\Desktop\Befunfde Ohr und Hand.pdf
[2012.07.25 10:45:12 | 000,059,904 | ---- | C] () -- C:\Users\Andrea\Desktop\Microsoft Office Publisher-Dokument (neu).pub
[2012.07.19 12:22:05 | 000,189,530 | ---- | C] () -- C:\Users\Andrea\Desktop\Gattinger Martina.pdf
[2012.07.19 11:52:48 | 000,027,514 | ---- | C] () -- C:\Users\Andrea\Desktop\5007d8e824a9b.pdf
[2012.07.18 15:24:13 | 000,218,102 | ---- | C] () -- C:\Users\Andrea\Desktop\12_04_19_plattform_KESt-Neu.pdf
[2012.07.18 14:02:13 | 000,468,732 | ---- | C] () -- C:\Users\Andrea\Desktop\9783486700923.fm.pdf
[2012.07.18 13:19:20 | 003,593,719 | ---- | C] () -- C:\Users\Andrea\Desktop\UBS-KeyInvest_1_2012.pdf
[2012.07.14 14:04:25 | 000,007,599 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012.07.10 08:14:21 | 000,241,137 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.05.30 15:40:29 | 000,004,096 | -H-- | C] () -- C:\Users\Andrea\AppData\Local\keyfile3.drm
[2012.05.24 11:44:12 | 181,705,360 | ---- | C] () -- C:\Program Files\TAS_201203.zip
[2012.05.24 10:54:34 | 174,749,293 | ---- | C] () -- C:\Program Files\TAS_201011.zip
[2012.05.18 17:14:35 | 000,241,111 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012.05.03 10:48:00 | 000,038,425 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.04.23 19:33:59 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012.02.15 16:13:40 | 181,151,074 | ---- | C] () -- C:\Program Files\TAS.zip
[2012.01.09 17:02:44 | 000,026,555 | ---- | C] () -- C:\Program Files\GV_Leistungsbeschreibung.pdf
[2011.12.30 15:34:13 | 000,077,568 | ---- | C] () -- C:\Program Files\GV_Angebot.pdf
[2011.12.27 12:30:48 | 000,091,807 | ---- | C] () -- C:\Program Files\UV_Angebot.pdf
[2011.12.14 13:26:48 | 153,292,013 | ---- | C] () -- C:\Program Files\Tarifprogramm_201201.zip
[2011.11.24 16:31:12 | 004,957,344 | ---- | C] () -- C:\Program Files\asignFullSetup_network.exe
[2011.11.24 09:00:25 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.10.16 18:16:15 | 000,012,977 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011.10.16 18:16:05 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.20 20:09:55 | 000,147,956 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.05.24 14:09:38 | 000,166,011 | ---- | C] () -- C:\Program Files\Personalisierung_2
[2011.05.17 16:33:25 | 001,857,488 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2011.05.17 13:53:22 | 000,000,031 | ---- | C] () -- C:\Windows\vpms.ini
[2011.04.17 10:23:20 | 000,212,480 | ---- | C] () -- C:\Windows\System32\WinPenTools.dll
[2011.04.15 18:46:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 10:30:11 | 015,729,080 | ---- | C] () -- C:\Program Files\macdocupen_rc800.zip
[2011.04.13 09:14:52 | 000,000,027 | ---- | C] () -- C:\Windows\Gauss.ini
[2011.03.07 18:38:20 | 000,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe
[2011.03.04 15:00:01 | 000,031,944 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.03.04 14:58:55 | 000,000,156 | ---- | C] () -- C:\Windows\setscan.ini
[2011.03.01 21:10:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.09.17 12:00:04 | 012,832,768 | ---- | C] () -- C:\Windows\System32\wb_gsdll32.dll
[2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2011.03.04 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\.oit
[2011.11.24 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\A-Trust GmbH
[2011.12.02 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASCON Installer
[2011.03.04 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Canon Electronics
[2012.08.10 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012.08.10 11:22:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\hellomoto
[2011.07.26 10:27:55 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ISIS Drivers
[2011.04.07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nokia
[2012.08.07 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Panda Security
[2011.03.02 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PC Suite
[2012.07.13 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PhraseExpress
[2012.01.16 12:08:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\prism
[2011.03.04 15:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ScanSoft
[2012.05.19 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Swiss Academic Software
[2012.01.16 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2011.03.04 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon
[2011.10.31 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zurich
[2012.03.10 08:21:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
