I was still at a "50th" birthday party, and tomorrow I'm invited to my nephew's confirmation...
So you won't hear from me again until tomorrow evening...
Fixlog OTL:
All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\User\Anwendungsdaten\skype.ini moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKU\S-1-5-21-1844237615-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\MasterIdDataCheckSum deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 14476038 bytes
->Temporary Internet Files folder emptied: 31607935 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3546664 bytes
->Flash cache emptied: 926 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2557398 bytes
RecycleBin emptied: 806 bytes
Total Files Cleaned = 50,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04202013_140843
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
MBAM-Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.20.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: CHEFNEU [Administrator]
20.04.2013 14:23:22
mbam-log-2013-04-20 (14-23-22).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214996
Laufzeit: 2 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
ESET LOG:
No threats found
Security Check LOG:
Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 35
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 2013 wmi32.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
OTL LOG:
OTL logfile created on: 20.04.2013 23:39:37 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 74,77% Memory free
5,08 Gb Paging File | 4,34 Gb Available in Paging File | 85,44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 73,10 Gb Total Space | 58,48 Gb Free Space | 80,01% Space Free | Partition Type: NTFS
Drive D: | 172,78 Gb Total Space | 101,78 Gb Free Space | 58,91% Space Free | Partition Type: NTFS
Drive F: | 219,89 Gb Total Space | 191,86 Gb Free Space | 87,25% Space Free | Partition Type: NTFS
Drive G: | 29,67 Gb Total Space | 29,58 Gb Free Space | 99,69% Space Free | Partition Type: FAT32
Computer Name: CHEFNEU | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\bin32\nSvcIp.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\bin32\nSvcAppFlt.exe ()
MOD - C:\Programme\bin32\nSvcIp.exe ()
MOD - C:\Programme\bin32\SpecialCase.dll ()
MOD - C:\Programme\bin32\nv_common.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SASKUTIL) -- C:\DOKUME~1\User\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- C:\DOKUME~1\User\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\WINDOWS\system32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\WINDOWS\system32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\WINDOWS\system32\drivers\kneps.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MOSUMAC) -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS (--)
DRV - (PciPPorts) -- C:\WINDOWS\system32\drivers\PciPPorts.sys ()
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BrPar) -- C:\WINDOWS\system32\drivers\BRPAR.SYS (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about :blank
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 75 44 76 AE 3D CE 01 [binary data]
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.04.18 12:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.18 12:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.04.18 12:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.18 09:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2012.03.26 17:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2012.12.21 20:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\extensions
[2012.12.21 20:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\extensions\trash
[2012.12.21 20:45:22 | 000,215,985 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2012.12.18 22:57:01 | 000,214,909 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\extensions\trash\onlinehdtv@onlinehd.tv.xpi
[2012.10.27 00:39:13 | 000,002,079 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\searchplugins\{0D66E491-966A-47F1-A3BF-20FE9AD07257}.xml
[2012.10.27 00:39:13 | 000,002,190 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\searchplugins\{3C2D4E29-3154-492F-A8B9-768EB194E61A}.xml
[2012.10.27 00:39:13 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\icki29l2.default\searchplugins\{AA1D4C78-7087-4F1E-BED6-C641E3D8AAB3}.xml
[2013.03.18 09:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.18 09:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.18 09:14:03 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.03.18 09:14:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.03.18 09:14:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.03.18 09:14:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.18 09:14:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.03.18 09:14:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.18 09:14:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.18 09:14:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.18 09:14:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.11.11 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348467860984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1366282108312 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFC082C-E2DC-4C18-8432-E90A3FFA8ABA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About :Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.17 14:07:07 | 000,000,007 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{396eb6c7-3ecc-11e2-bfbb-665544336040}\Shell - "" = AutoRun
O33 - MountPoints2\{396eb6c7-3ecc-11e2-bfbb-665544336040}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{396eb6c7-3ecc-11e2-bfbb-665544336040}\Shell\AutoRun\command - "" = G:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.20 14:32:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.04.20 14:30:18 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe
[2013.04.20 14:22:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.20 14:22:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.20 14:08:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.20 12:33:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[2013.04.20 00:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2013.04.18 12:48:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SUPERAntiSpyware.com
[2013.04.18 12:48:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2013.04.18 12:48:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2013.04.18 12:48:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.18 12:22:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Sun
[2013.04.18 11:34:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Anti-Virus 2013
[2013.04.18 11:30:50 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013.04.18 11:27:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.04.18 11:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2013.04.18 11:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2013.04.18 11:21:26 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1
[2013.04.18 01:28:46 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.04.17 12:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.04.11 21:56:20 | 000,000,000 | ---D | C] -- C:\Programme\Temp
[2013.04.10 14:59:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Wondershare
[2013.04.10 14:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2013.04.07 22:57:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.04.05 21:50:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\ftp-uploader
[2013.04.05 21:50:02 | 000,000,000 | ---D | C] -- C:\Programme\ftp-uploader
========== Files - Modified Within 30 Days ==========
[2013.04.20 22:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.20 14:22:03 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.20 14:19:14 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Word 2003.lnk
[2013.04.20 14:14:12 | 000,452,398 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.20 14:14:12 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.20 14:14:12 | 000,081,356 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.20 14:14:12 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.20 14:09:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.20 14:03:34 | 000,890,815 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SecurityCheck.exe
[2013.04.20 14:03:04 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe
[2013.04.20 13:37:56 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Outlook 2003.lnk
[2013.04.20 12:43:08 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2013.04.20 02:03:47 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
[2013.04.20 01:38:51 | 000,000,845 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Internet Explorer.lnk
[2013.04.20 01:38:51 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.04.20 01:24:34 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\adwcleaner.exe
[2013.04.20 00:01:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2013.04.19 23:50:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.19 23:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
[2013.04.19 23:41:20 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\6yzpj996.exe
[2013.04.19 23:40:38 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2013.04.18 12:58:16 | 000,586,584 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013.04.18 12:58:16 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kltdi.sys
[2013.04.18 11:32:09 | 000,000,828 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.04.18 11:26:14 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.04.18 11:21:26 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.17 14:07:07 | 000,000,007 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013.04.11 22:45:41 | 000,329,713 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Hirnnerven.pdf
[2013.04.11 21:56:05 | 000,000,193 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Amazon.de.url
[2013.04.10 20:34:03 | 000,000,183 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\default.rss
[2013.04.10 20:33:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.04.05 22:25:27 | 000,001,571 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\ftp-uploader.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.03.25 01:29:35 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2013.04.20 23:34:50 | 000,890,815 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SecurityCheck.exe
[2013.04.20 14:22:03 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.20 12:46:41 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe
[2013.04.20 02:03:47 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
[2013.04.20 01:37:25 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\adwcleaner.exe
[2013.04.20 00:04:27 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\6yzpj996.exe
[2013.04.20 00:01:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2013.04.19 23:46:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe
[2013.04.18 11:34:30 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.04.18 11:26:14 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.04.18 11:26:14 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.04.18 11:21:26 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.11 22:45:37 | 000,329,713 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Hirnnerven.pdf
[2013.04.11 21:56:05 | 000,000,193 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Amazon.de.url
[2013.04.05 21:50:13 | 000,001,571 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\ftp-uploader.lnk
[2013.01.11 01:17:12 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2013.01.08 23:58:17 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2013.01.08 23:58:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2013.01.08 23:58:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012.10.27 00:40:18 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Posteriza Installer.INI
[2012.10.16 20:26:54 | 000,002,103 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.09.25 08:21:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.06 23:33:03 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.02 19:33:36 | 000,082,944 | R--- | C] () -- C:\WINDOWS\System32\drivers\PciPPorts.sys
[2012.05.02 19:33:35 | 000,115,200 | R--- | C] () -- C:\WINDOWS\System32\drivers\PciSPorts.sys
[2012.05.02 19:32:17 | 000,022,728 | R--- | C] () -- C:\WINDOWS\System32\M65Lang.ini
[2012.05.02 19:29:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\MOSCHIP_PciUninst.exe
[2012.04.26 23:47:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2012.04.26 23:47:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012.04.26 23:46:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2012.04.26 23:46:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2012.04.26 23:46:55 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2012.04.26 23:46:51 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.04.26 23:46:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2012.04.25 22:12:38 | 000,000,183 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\default.rss
[2012.04.25 22:12:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.04.25 21:15:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.04.19 16:07:40 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.03.26 16:49:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.03.26 16:48:18 | 000,165,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.26 16:46:12 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.03.26 16:46:12 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.03.26 16:46:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.03.26 16:46:05 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.03.26 16:43:46 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.03.26 16:41:49 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012.03.26 16:18:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.26 15:56:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.03.26 15:53:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012.04.23 11:37:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.02.10 02:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.06.26 00:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2012.04.26 22:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Tool
[2013.01.07 20:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dvdfab
[2012.04.23 11:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\expLauncher
[2013.02.03 03:06:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2013.01.07 20:53:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2012.04.26 22:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon
[2012.05.18 23:47:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ObviousIdea
[2012.04.26 01:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org
[2012.10.27 00:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera
========== Purity Check ==========
========== Custom Scans ==========
< reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0
DMAEnabled REG_DWORD 0x0
Driver REG_SZ atapi
< reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}
Class REG_SZ hdc
<NO NAME> REG_SZ IDE ATA/ATAPI-Controller
Icon REG_SZ -9
Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller
TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000
InfPath REG_SZ mshdc.inf
InfSection REG_SZ pciide_Inst
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ pci\cc_0101
DriverDesc REG_SZ Standard-Zweikanal-PCI-IDE-Controller
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001
InfPath REG_SZ mshdc.inf
InfSection REG_SZ pciide_Inst
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ pci\cc_0101
DriverDesc REG_SZ Standard-Zweikanal-PCI-IDE-Controller
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_primary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ primary_ide_channel
DriverDesc REG_SZ Primärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff
SlaveIdDataCheckSum REG_DWORD 0x1f6e6
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_secondary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ secondary_ide_channel
DriverDesc REG_SZ Sekundärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_primary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ primary_ide_channel
DriverDesc REG_SZ Primärer IDE-Kanal
MasterDeviceType REG_DWORD 0x1
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x20010
MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
SlaveDeviceTimingMode REG_DWORD 0x0
MasterIdDataCheckSum REG_DWORD 0x165a5
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_secondary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ secondary_ide_channel
DriverDesc REG_SZ Sekundärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x2
MasterDeviceTimingMode REG_DWORD 0x0
MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
MasterIdDataCheckSum REG_DWORD 0x8805
SlaveDeviceTimingMode REG_DWORD 0x10010
SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff
SlaveIdDataCheckSum REG_DWORD 0x8805
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties
< End of report >
--- --- ---
P.S.: You can of course already tell me what should happen next, so that I can take care of it right away when I get back tomorrow!