Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): Virus keeps coming back, even with a new MBR. Need an expert (Windows 7)
#1
Virus keeps coming back, even with a new MBR. Need an expert

Hello, I have a piece of malware on 3 PCs that I simply cannot get rid of any more. To start with machine a (1 SSD / 2 HDDs in RAID 0): everything deleted and overwritten with zeros using the Ultimate Boot CD, plus the MBR deleted on all 3 drives.

Symptoms:
- "-" connection in the Resource Monitor (screenshot)
- Google.de looks different (screenshot), even with add-ons disabled; and when I click on e.g. YouTube or Google+, Firefox shows me a warning that this site has an invalid security certificate.
- Kaspersky warns about a second connection, e.g. here on the board too (screenshot)
- svchost.exe or System don't seem entirely uninvolved (gut feeling)
- OTL disables "Extra Registry" after the QuickScan (don't know whether that is normal).

Logs: OTL:
Code:
OTL logfile created on: 30.03.2013 04:04:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Baphomet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,89 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 81,43% Memory free
19,89 Gb Paging File | 18,25 Gb Available in Paging File | 91,75% Paging File free
Paging file location(s): c:\pagefile.sys 12288 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 198,36 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive D: | 931,52 Gb Total Space | 931,40 Gb Free Space | 99,99% Space Free | Partition Type: NTFS

Computer Name: HELLGATE | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.30 04:03:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Baphomet\Desktop\OTL.exe
PRC - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.12.04 05:22:02 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.11.19 12:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.11.19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation)
-- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe ========== Modules (No Company Name) ========== MOD - [2013.03.29 20:42:29 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll MOD - [2013.03.29 20:42:29 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll MOD - [2013.03.29 20:42:28 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll MOD - [2013.03.29 20:42:28 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll MOD - [2013.03.29 20:41:38 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll MOD - [2013.03.29 20:41:38 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll MOD - [2013.03.29 20:41:30 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\dedf199d04be73f377dca07663d16314\IAStorDataMgrSvcInterfaces.ni.dll MOD - [2013.03.29 20:41:29 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\f860592ad08cd50636eb3fc2904a7b64\IAStorCommon.ni.dll MOD - [2013.03.29 20:41:27 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a0e807949b2aea788d359fed84f8139f\IAStorUtil.ni.dll MOD - [2013.03.29 20:41:26 | 001,801,728 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.03.29 20:41:24 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll MOD - [2013.03.29 20:41:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll MOD - [2013.03.29 20:41:23 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.03.29 20:00:22 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.03.29 20:00:20 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013.03.29 20:00:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.03.29 20:00:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.03.29 20:00:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.03.29 20:00:17 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.03.29 20:00:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\dblite.dll ========== Services (SafeList) ========== SRV - [2013.03.30 03:09:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.17 21:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.12.14 13:45:34 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.12.14 13:45:34 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.12.14 13:45:34 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.12.14 13:45:32 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.12.12 16:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.04 05:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.12.04 05:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.12.04 05:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.11.19 12:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.11.19 12:10:36 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2012.10.03 14:11:18 | 000,433,976 | ---- | M] (Broadcom Corporation) [Kernel 
| On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.11 21:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly) DRV:64bit: - [2011.04.11 21:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | 
M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.03.04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-763975964-2703309485-3490428672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-763975964-2703309485-3490428672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-763975964-2703309485-3490428672-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.29 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.29 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.29 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.29 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.29 19:09:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.30 03:02:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.30 03:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: 
- HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [BrowserChoice] C:\Windows\SysNative\browserchoice.exe (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup 
{cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: 
Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{890CEDCA-AF38-4D6F-862E-5F6772C7DCED}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.30 03:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.03.30 03:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.30 03:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 03:17:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.30 03:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.30 03:17:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.03.30 03:09:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.30 03:09:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.30 03:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.30 03:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.30 03:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.29 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.29 20:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.29 20:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software 
[2013.03.29 20:16:19 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.03.29 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.29 18:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.03.29 18:20:41 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.03.29 18:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.03.29 18:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.29 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.03.29 18:20:34 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.29 18:20:34 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.03.29 18:20:31 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites [2013.03.29 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.29 18:08:25 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.03.29 18:08:19 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.03.29 18:06:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.29 18:03:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.03.29 18:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.03.29 18:03:14 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.03.29 18:03:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.03.29 18:03:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.03.29 18:03:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.03.29 18:03:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSWOW64.dll [2013.03.29 18:03:13 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.03.29 18:03:13 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.03.29 18:03:13 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.03.29 18:03:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.03.29 18:03:13 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.03.29 18:03:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.03.29 18:03:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.03.29 18:03:13 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.03.29 18:03:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.03.29 18:03:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2013.03.29 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.03.29 18:03:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.03.29 18:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.29 18:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.03.29 18:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.29 18:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.03.29 18:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.03.29 18:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.29 17:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3 [2013.03.29 17:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology [2013.03.29 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA [2013.03.29 17:57:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.29 17:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2013.03.29 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.03.29 17:53:05 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL [2013.03.29 17:53:05 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL [2013.03.29 17:50:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.03.29 17:50:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.29 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\InstallShield [2013.03.29 17:49:10 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.29 17:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.29 17:48:59 
| 000,000,000 | ---D | C] -- C:\Intel [2013.03.29 17:42:35 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts [2013.03.29 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\Links [2013.03.29 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps [2013.03.29 17:21:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.29 17:21:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.29 17:21:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities [2013.03.29 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore [2013.03.29 17:21:10 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft [2013.03.29 17:21:10 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.29 17:21:10 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents [2013.03.29 17:21:10 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop [2013.03.29 17:21:10 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos [2013.03.29 17:21:10 | 000,000,000 | 
-HSD | C] -- C:\Users\Admin\Documents\Eigene Musik [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten [2013.03.29 17:21:10 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten [2013.03.29 17:21:10 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData [2013.03.29 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp [2013.03.29 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft [2013.03.29 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.29 17:21:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.29 17:21:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.29 17:17:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch 
[2013.03.29 17:16:57 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2013.03.30 04:02:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.30 04:02:09 | 2057,801,727 | -HS- | M] () -- C:\hiberfil.sys [2013.03.30 04:01:55 | 000,014,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.30 04:01:55 | 000,014,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.30 03:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.30 03:56:49 | 001,501,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.30 03:56:49 | 000,654,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.30 03:56:49 | 000,616,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.30 03:56:49 | 000,130,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.30 03:56:49 | 000,106,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.30 03:44:19 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.03.30 03:17:07 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 03:02:35 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.30 02:54:36 | 001,702,573 | ---- | M] () -- C:\voll2.drd [2013.03.30 01:29:55 | 020,163,631 | ---- | M] () -- C:\voll.drd [2013.03.29 20:14:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.29 19:32:54 | 000,267,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.29 19:02:06 | 000,007,602 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2013.03.29 18:20:41 | 000,001,146 | ---- | M] () -- 
C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.03.29 17:55:33 | 001,499,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.29 17:36:44 | 000,000,146 | ---- | M] () -- C:\Users\Admin\Desktop\Sound.lnk [2013.03.29 17:18:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.29 17:18:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.03.15 06:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.13 17:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin ========== Files Created - No Company Name ========== [2013.03.30 03:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.03.30 03:17:07 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 03:09:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.30 03:02:35 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.30 03:02:35 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.30 02:44:32 | 001,702,573 | ---- | C] () -- C:\voll2.drd [2013.03.30 01:29:54 | 020,163,631 | ---- | C] () -- C:\voll.drd [2013.03.29 20:14:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.29 19:23:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.29 19:18:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.29 19:02:06 | 000,007,602 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2013.03.29 18:20:44 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.03.29 18:08:28 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.03.29 18:08:25 | 000,001,041 | ---- | C] () -- 
C:\Windows\SysWow64\tcpbidi.xml [2013.03.29 18:08:19 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.03.29 18:08:19 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.03.29 18:08:19 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.03.29 18:03:14 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.03.29 18:03:13 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.03.29 18:00:58 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.03.29 18:00:41 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.29 17:55:33 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.29 17:36:44 | 000,000,146 | ---- | C] () -- C:\Users\Admin\Desktop\Sound.lnk [2013.03.29 17:16:57 | 2057,801,727 | -HS- | C] () -- C:\hiberfil.sys [2012.12.12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.12 16:38:16 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.12 16:38:16 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.29 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\Baphomet\AppData\Roaming\Leadertech ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.03.2013 04:04:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Baphomet\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 81,43% Memory free 19,89 Gb Paging File | 18,25 Gb Available in Paging File | 91,75% Paging File free Paging file location(s): c:\pagefile.sys 12288 16384 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,37 Gb Total Space | 198,36 Gb Free Space | 83,22% Space Free | Partition Type: NTFS Drive D: | 931,52 Gb Total Space | 931,40 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Computer Name: HELLGATE | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-763975964-2703309485-3490428672-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.45 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla 
Maintenance Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.03.2013 13:13:25 | Computer Name = Hellgate | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICCProxy.exe, Version: 1.0.0.1, Zeitstempel: 0x4f971121 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dd6cc4 ID des fehlerhaften Prozesses: 0x894 Startzeit der fehlerhaften Anwendung: 0x01ce2c9f615de2dd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f73303c5-9893-11e2-975f-bc5ff4499b6e Error - 29.03.2013 13:13:26 | Computer Name = Hellgate | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.7.0.1013, Zeitstempel: 0x50aa9310 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dd6cc4 ID des fehlerhaften Prozesses: 0x904 Startzeit der fehlerhaften Anwendung: 0x01ce2c9fa8224043 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f7414c07-9893-11e2-975f-bc5ff4499b6e Error - 29.03.2013 14:32:23 | Computer Name = Hellgate | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.1.4210, Zeitstempel: 0x509157b4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x746b6cdc ID des fehlerhaften Prozesses: 0x698 Startzeit der fehlerhaften Anwendung: 0x01ce2ca358f42e70 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ff386fb0-989e-11e2-b61f-bc5ff4499b6e 
Error - 29.03.2013 14:32:25 | Computer Name = Hellgate | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICCProxy.exe, Version: 1.0.0.1, Zeitstempel: 0x4f971121 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x746b6cdc ID des fehlerhaften Prozesses: 0xa94 Startzeit der fehlerhaften Anwendung: 0x01ce2ca35b1f9a23 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0066be73-989f-11e2-b61f-bc5ff4499b6e Error - 29.03.2013 14:32:25 | Computer Name = Hellgate | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.7.0.1013, Zeitstempel: 0x50aa9310 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x746b6cdc ID des fehlerhaften Prozesses: 0xee8 Startzeit der fehlerhaften Anwendung: 0x01ce2ca3a1247fc5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 007506b5-989f-11e2-b61f-bc5ff4499b6e Berichts-ID: c4ef007f-98dc-11e2-a9fd-bc5ff4499b6e [ System Events ] Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. 
Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. Error - 29.03.2013 20:25:24 | Computer Name = Hellgate | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3. < End of report > GMER: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 04:25:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005a ATA_____ rev.1.5_ 238,47GB
Running: asd1123ccasd5.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwlyipod.sys

---- Files - GMER 2.1 ----

File  C:\Users\Admin\AppData\Local\Temp\tmp3B00.tmp  0 bytes
File  C:\Windows\System32\wbem\Performance\WmiApRpl_new.h  357 bytes

---- EOF - GMER 2.1 ----

Thanks for your help, I'm really at my wits' end.