|
Log-Analyse und Auswertung: Trojaner Alert nach pdfCreator UpdateWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.01.2013, 23:13 | #1 |
| Trojaner Alert nach pdfCreator Update Hallo liebes Forum, danke dass ihr das hier zur Verfügung stellt!! Habe folgendes Problem. WIN/VISTA mit Kaspersky Internet Security / Browser: Chrome Seit zwei Monaten benutze ich pdfCreator. Alles war in Ordnung bis jetzt. Als ich vor zwei Tagen das Programm manuell öffnen wollte, wies mich ein öffnendes Fenster auf ein vorher notwendiges Update hin, dem ich auch zugestimmt habe. Nach dem Update erhielt ich eine Meldung von Kaspersky, dass ein Trojaner namens PDM.trojan.generic von pdfCreator unter Quarantäne gesetzt worden sei. So weit so gut, als ich dann aber nach diesem Problem mit pdfCreator im Internet gesucht habe, sah ich dass es weitgehender ist. Ich habe später versucht pdfCreator zu löschen, was aber nicht geht weil die Datei beschädigt ist. Habe auch Anti-Malware von Malwarebytes installiert und laufen lassen. Der hat tatsächlich zwei Viren-Dateien von PUP.Adware.Agent gefunden und gelöscht. Aber diesen Trojaner von pdf Forge nicht erkannt. Problem eins: ich kann dieses b..... Programm (pdfCreator) nicht löschen Problem zwei: reicht es wenn Kaspersky den Trojaner unter Quarantäne setzt? Oder habe ich dadurch weitere Probleme im Hintergrund? Bin mit den anderen Postings nicht so sehr zurecht gekommen weil ich nicht so mit den Begriffen vertraut bin. Habe aber alle Schritte die ihr Anfängern ratet, durchgeführt. Hier die Textdateien aus den Scans: Eine Extras-Datei hat OTL aber nicht angelegt. OTL logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.01.2013 11:12:32 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,88% Memory free 4,21 Gb Paging File | 2,65 Gb Available in Paging File | 62,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 122,59 Gb Total Space | 44,13 Gb Free Space | 36,00% Space Free | Partition Type: NTFS Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32 Computer Name: RACHELFOREST-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL (2).exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) PRC - C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron) PRC - C:\Programme\Softex\OmniPass\scureapp.exe () PRC - C:\Programme\Softex\OmniPass\opvapp.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll () MOD - C:\Programme\AntiBrowserSpy\Commons.dll () MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll () MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll () MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll () MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\ContextHandler.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp () MOD - C:\Programme\Softex\OmniPass\hdddrv.dll () MOD - C:\Programme\Softex\OmniPass\scureapp.exe () MOD - C:\Programme\Softex\OmniPass\userdata.dll () MOD - C:\Programme\Softex\OmniPass\autheng.dll () MOD - C:\Programme\Softex\OmniPass\scuredll.dll () MOD - C:\Programme\Softex\OmniPass\storeng.dll () MOD - C:\Programme\Softex\OmniPass\opfsdll.dll () MOD - C:\Programme\Softex\OmniPass\cryptodll.dll () MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll () MOD - C:\Windows\System32\ztvunrar36.dll () MOD - C:\Programme\TUGZip\TzShell.dll () MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SearchAnonymizer) -- C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\RACHEL~1\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys () DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG ) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH) DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=86571b63000000000000001b77e60c18 IE - HKCU\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D454441&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13" FF - prefs.js..extensions.enabledAddons: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: {7e111a5c-3d11-4f56-9463-5310c3c69025}:10.13.40.15 FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=" FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M] [2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.12 11:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions [2012.12.12 11:04:22 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.04.07 08:42:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2012.04.07 00:27:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\ffxtlbr@babylon.com [2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack [2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi [2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.10 17:15:51 | 000,000,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\conduit.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-1.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml [2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml [2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml [2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml [2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-2.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-3.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml [2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml [2011.05.12 17:05:24 | 000,001,120 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin.xml [2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\Search_Results.xml [2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml [2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml [2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml [2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.07 14:01:45 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.3_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Babylon Translator = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Summer Fields = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\ CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\ CHR - Extension: Freeware.de = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.18.20_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Ocs_SM] C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe [2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9 [2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e [2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967 [2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\*****\de (1).exe ========== Files - Modified Within 30 Days ========== [2013.01.16 10:43:30 | 000,002,273 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk [2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe [2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 09:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.16 09:29:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe [2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe [2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg [2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst [2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.27 21:34:24 | 000,035,783 | ---- | M] () -- C:\Users\*****\Documents\Muster Best. mündl. Kündigung.rtf [2012.12.21 11:58:28 | 000,002,780 | ---- | M] () -- C:\Users\*****\.recently-used.xbel ========== Files Created - No Company Name ========== [2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe [2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe [2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg [2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst [2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys [2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\*****\Bilder Strassenverlauf .pdf [2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\*****\BILD1178.JPG [2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\*****\BILD1176.JPG [2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\*****\BILD1177.JPG [2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\*****\BILD1179.JPG [2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\*****\BILD1181.JPG [2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\*****\BILD1182.JPG [2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\*****\BILD1180.JPG [2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\*****\ust 4. quartal.pdf [2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp [2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp [2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat [2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\*****\bibi4_kl.gif [2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\*****\ebay 2.jpg [2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\*****\ebay 1.jpg [2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\*****\E-Porto Journal.pdf [2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out [2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat [2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.05 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon [2012.01.21 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AntiBrowserSpy 2009 [2010.08.11 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avanquest [2011.08.02 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avery [2012.01.16 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon [2010.11.19 17:53:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\concept design [2013.01.15 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon [2011.11.26 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\elsterformular [2011.02.13 01:10:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.01.16 17:53:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Free PDF to Word Converter [2011.07.13 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN [2012.11.28 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2010.07.07 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2012.11.02 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Image Zone Express [2010.05.10 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\inkscape [2010.06.17 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\klickTel [2012.04.02 13:57:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware [2010.01.27 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LogoMaker [2011.05.12 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS [2011.05.12 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2013.01.15 13:04:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge [2012.04.04 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Printer Info Cache [2010.03.25 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SAD_OffV10 [2010.03.02 23:21:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scribus [2012.01.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Smart PDF Converter [2010.08.17 23:04:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SmartTools [2012.01.21 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softland [2010.10.20 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max3 [2010.11.17 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4 [2012.12.09 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4 DEU [2011.09.26 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template [2010.01.25 19:54:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010.06.17 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software [2011.07.20 10:26:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\UDC Profiles [2010.03.05 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems [2010.12.17 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 833 bytes -> C:\Users\*****\Documents\ - Ihre Bestellbestätigung.eml:OECustomProperty @Alternate Data Stream - 685 bytes -> C:\Users\*****\Documents\Re .eml:OECustomProperty @Alternate Data Stream - 1013 bytes -> C:\Users\*****\Documents\Käuferschutz TS zur Bestellung bei.eml:OECustomProperty < End of report > Gmer Textdatei/Scan Report GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-16 19:19:17 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB Running: gmer-2.0.18444.exe; Driver: C:\Users\****~1\AppData\Local\Temp\kfkdaaog.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9475F28A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x94779342] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x94779678] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x947799EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9475FD04] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9477902A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x94760276] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x94760164] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x947794E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9475F046] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9476038E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9475F8BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x947795B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9476074E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9475FD46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94761750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x94760840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x94760DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x94777840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x94760308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x947601F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9475F4C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x94760B90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x94760420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9475F3B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9476055C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x94777A38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x947610D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x947609E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x947797DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9477972A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x94779848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x947615F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x947791B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9475FBA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x947605FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x94761222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x94761316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x94761450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x94760670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9475F664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9475F5BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94760F8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9475F750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9475FA2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x947604A6] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 119 87EEB7DC 4 Bytes [8A, F2, 75, 94] {MOV DH, DL; JNZ 0xffffff98} .text ntkrnlpa.exe!KeSetEvent + 13D 87EEB800 8 Bytes [42, 93, 77, 94, 78, 96, 77, ...] {INC EDX; XCHG EBX, EAX; JA 0xffffff98; JS 0xffffff9c; JA 0xffffff9c} .text ntkrnlpa.exe!KeSetEvent + 181 87EEB844 4 Bytes [EE, 99, 77, 94] {OUT DX, AL; CDQ ; JA 0xffffff98} .text ntkrnlpa.exe!KeSetEvent + 1A9 87EEB86C 4 Bytes [04, FD, 75, 94] {ADD AL, 0xfd; JNZ 0xffffff98} .text ntkrnlpa.exe!KeSetEvent + 1C1 87EEB884 4 Bytes [2A, 90, 77, 94] .text ... ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 75ADA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Registry - GMER 2.0 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823 ---- EOF - GMER 2.0 ---- Danke Euch für Euren support!! Kat76hy |
18.01.2013, 15:30 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Alert nach pdfCreator UpdateZitat:
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Themen zu Trojaner Alert nach pdfCreator Update |
abelssoft, adobe, alert, avp.exe, babylontoolbar, bho, bonjour, browser, defender, error, explorer, firefox, format, ftp, home, hotkey.sys, internet, kaspersky, launch, logfile, nodrives, pdfcreator, plug-in, programm, realtek, registry, search the web, security, senden, software, tastatur, temp, trojaner, update, usb |