| |
| |||||||
Log-Analyse und Auswertung: Trojaner nach Update von pdf-CreatorWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.01.2013, 15:07
| #1 |
 |  Trojaner nach Update von pdf-Creator Hallo liebes Forum, das ist meiner zweiter Anlauf nachdem ich mein Kennwort vergessen habe. Deshalb hier noch einmal mein Posting vom 17.01.2013. Habe folgendes Problem. WIN/VISTA mit Kaspersky Internet Security / Browser: Chrome Seit zwei Monaten benutze ich pdfCreator. Alles war in Ordnung bis jetzt. Als ich vor zwei Tagen das Programm manuell öffnen wollte, wies mich ein öffnendes Fenster auf ein vorher notwendiges Update hin, dem ich auch zugestimmt habe. Nach dem Update erhielt ich eine Meldung von Kaspersky, dass ein Trojaner namens PDM.trojan.generic von pdfCreator unter Quarantäne gesetzt worden sei. So weit so gut, als ich dann aber nach diesem Problem mit pdfCreator im Internet gesucht habe, sah ich dass es weitgehender ist. Ich habe später versucht pdfCreator zu löschen, was aber nicht geht weil die Datei beschädigt ist. Habe auch Anti-Malware von Malwarebytes installiert und laufen lassen. Der hat tatsächlich zwei Viren-Dateien von PUP.Adware.Agent gefunden und gelöscht. Aber diesen Trojaner von pdf Forge nicht erkannt. Problem eins: ich kann dieses b..... Programm (pdfCreator) nicht löschen Problem zwei: reicht es wenn Kaspersky den Trojaner unter Quarantäne setzt? Oder habe ich dadurch weitere Probleme im Hintergrund? Bin mit den anderen Postings nicht so sehr zurecht gekommen weil ich nicht so mit den Begriffen vertraut bin. Habe aber alle Schritte die ihr Anfängern ratet, durchgeführt. Hier die Textdateien aus den Scans: Eine Extras-Datei hat OTL aber nicht angelegt. OTL Code:
ATTFilter
OTL logfile created on: 16.01.2013 11:12:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,88% Memory free
4,21 Gb Paging File | 2,65 Gb Available in Paging File | 62,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 44,13 Gb Free Space | 36,00% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: RACHELFOREST-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\*****\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll ()
MOD - C:\Programme\AntiBrowserSpy\Commons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\ContextHandler.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\scureapp.exe ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\scuredll.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Programme\TUGZip\TzShell.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\RACHEL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=86571b63000000000000001b77e60c18
IE - HKCU\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D454441&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: {7e111a5c-3d11-4f56-9463-5310c3c69025}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q="
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
[2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.12 11:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions
[2012.12.12 11:04:22 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.04.07 08:42:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012.04.07 00:27:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\ffxtlbr@babylon.com
[2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi
[2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.10 17:15:51 | 000,000,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\conduit.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-1.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml
[2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml
[2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml
[2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml
[2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-2.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-3.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml
[2011.05.12 17:05:24 | 000,001,120 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin.xml
[2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\Search_Results.xml
[2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml
[2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml
[2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.07 14:01:45 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.3_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Babylon Translator = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Summer Fields = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Freeware.de = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.18.20_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe
[2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9
[2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e
[2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967
[2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\*****\de (1).exe
========== Files - Modified Within 30 Days ==========
[2013.01.16 10:43:30 | 000,002,273 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe
[2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 09:29:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst
[2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 21:34:24 | 000,035,783 | ---- | M] () -- C:\Users\*****\Documents\Muster Best. mündl. Kündigung.rtf
[2012.12.21 11:58:28 | 000,002,780 | ---- | M] () -- C:\Users\*****\.recently-used.xbel
========== Files Created - No Company Name ==========
[2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst
[2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\*****\Bilder Strassenverlauf .pdf
[2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\*****\BILD1178.JPG
[2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\*****\BILD1176.JPG
[2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\*****\BILD1177.JPG
[2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\*****\BILD1179.JPG
[2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\*****\BILD1181.JPG
[2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\*****\BILD1182.JPG
[2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\*****\BILD1180.JPG
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\*****\ust 4. quartal.pdf
[2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp
[2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp
[2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat
[2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\*****\bibi4_kl.gif
[2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\*****\ebay 2.jpg
[2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\*****\ebay 1.jpg
[2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\*****\E-Porto Journal.pdf
[2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.05 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2012.01.21 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AntiBrowserSpy 2009
[2010.08.11 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avanquest
[2011.08.02 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avery
[2012.01.16 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2010.11.19 17:53:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\concept design
[2013.01.15 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2011.11.26 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\elsterformular
[2011.02.13 01:10:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.01.16 17:53:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Free PDF to Word Converter
[2011.07.13 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN
[2012.11.28 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2010.07.07 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2012.11.02 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Image Zone Express
[2010.05.10 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\inkscape
[2010.06.17 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\klickTel
[2012.04.02 13:57:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware
[2010.01.27 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LogoMaker
[2011.05.12 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2011.05.12 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2013.01.15 13:04:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2012.04.04 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Printer Info Cache
[2010.03.25 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SAD_OffV10
[2010.03.02 23:21:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scribus
[2012.01.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Smart PDF Converter
[2010.08.17 23:04:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SmartTools
[2012.01.21 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softland
[2010.10.20 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max3
[2010.11.17 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4
[2012.12.09 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4 DEU
[2011.09.26 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2010.01.25 19:54:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2010.06.17 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2011.07.20 10:26:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\UDC Profiles
[2010.03.05 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2010.12.17 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 833 bytes -> C:\Users\*****\Documents\ - Ihre Bestellbestätigung.eml:OECustomProperty
@Alternate Data Stream - 685 bytes -> C:\Users\*****\Documents\Re .eml:OECustomProperty
@Alternate Data Stream - 1013 bytes -> C:\Users\*****\Documents\Käuferschutz TS zur Bestellung bei.eml:OECustomProperty
< End of report >
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-16 19:19:17
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\****~1\AppData\Local\Temp\kfkdaaog.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9475F28A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x94779342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x94779678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x947799EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9475FD04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9477902A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x94760276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x94760164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x947794E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9475F046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9476038E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9475F8BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x947795B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9476074E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9475FD46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94761750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x94760840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x94760DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x94777840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x94760308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x947601F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9475F4C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x94760B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x94760420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9475F3B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9476055C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x94777A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x947610D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x947609E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x947797DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9477972A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x94779848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x947615F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x947791B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9475FBA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x947605FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x94761222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x94761316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x94761450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x94760670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9475F664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9475F5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94760F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9475F750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9475FA2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x947604A6]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 119 87EEB7DC 4 Bytes [8A, F2, 75, 94] {MOV DH, DL; JNZ 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 13D 87EEB800 8 Bytes [42, 93, 77, 94, 78, 96, 77, ...] {INC EDX; XCHG EBX, EAX; JA 0xffffff98; JS 0xffffff9c; JA 0xffffff9c}
.text ntkrnlpa.exe!KeSetEvent + 181 87EEB844 4 Bytes [EE, 99, 77, 94] {OUT DX, AL; CDQ ; JA 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 1A9 87EEB86C 4 Bytes [04, FD, 75, 94] {ADD AL, 0xfd; JNZ 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 1C1 87EEB884 4 Bytes [2A, 90, 77, 94]
.text ...
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 75ADA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823
---- EOF - GMER 2.0 ----
Code:
ATTFilter
www.malwarebytes.org
Datenbank Version: v2013.01.15.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
***** :: *****-PC [Administrator]
Schutz: Aktiviert
15.01.2013 14:38:01
mbam-log-2013-01-15 (14-38-01).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470198
Laufzeit: 2 Stunde(n), 14 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\*****\Downloads\secret_things.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\slip_away.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.23.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 ***** :: *****-PC [Administrator] Schutz: Aktiviert 24.01.2013 11:47:00 mbam-log-2013-01-24 (11-47-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 465400 Laufzeit: 2 Stunde(n), 31 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) kat76hy2 |
|
24.01.2013, 16:26
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner nach Update von pdf-Creator Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
25.01.2013, 20:10
| #3 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus,
__________________habe das Anti-Rootkit laufen lassen wie von dir beschrieben. Das Programm beendete mit der Meldung dass kein Cleanup nötig sei (no cleanup required) und das keine malware gefunden wurde. Hier der Log dazu: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.25.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
*****:: *****-PC [administrator]
25.01.2013 19:13:46
mbar-log-2013-01-25 (19-13-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33718
Time elapsed: 2 hour(s), 52 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
26.01.2013, 21:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-Creator 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.01.2013, 11:29
| #5 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus, hier sind die Logfiles von den Scans: aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-27 17:45:45
-----------------------------
17:45:45.799 OS Version: Windows 6.0.6002 Service Pack 2
17:45:45.799 Number of processors: 2 586 0xF0D
17:45:45.799 ComputerName: *****-PC UserName: *****
17:46:24.442 Initialize success
17:52:11.885 AVAST engine defs: 13012700
17:52:24.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:52:24.848 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
17:52:25.020 Disk 0 MBR read successfully
17:52:25.020 Disk 0 MBR scan
17:52:25.036 Disk 0 Windows VISTA default MBR code
17:52:25.036 Disk 0 Partition - 00 0F Extended LBA 27093 MB offset 257088195
17:52:25.051 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 125531 MB offset 63
17:52:25.098 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 27093 MB offset 257088258
17:52:25.098 Disk 0 scanning sectors +312576705
17:52:25.940 Disk 0 scanning C:\Windows\system32\drivers
17:52:44.598 Service scanning
17:53:02.179 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
17:53:02.242 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
17:53:02.460 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
17:53:02.507 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
17:53:23.458 Modules scanning
17:53:41.179 Disk 0 trace - called modules:
17:53:41.210 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:53:41.210 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8c0ccac8]
17:53:41.226 3 CLASSPNP.SYS[8e9b08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b242030]
17:53:42.287 AVAST engine scan C:\Windows
17:53:50.664 AVAST engine scan C:\Windows\system32
17:58:34.259 AVAST engine scan C:\Windows\system32\drivers
17:58:52.295 AVAST engine scan C:\Users\*****
18:12:59.288 AVAST engine scan C:\ProgramData
18:27:30.384 Scan finished successfully
18:32:47.111 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
18:32:47.127 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
Code:
ATTFilter 18:47:43.0408 4004 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:47:43.0548 4004 ============================================================
18:47:43.0548 4004 Current date / time: 2013/01/27 18:47:43.0548
18:47:43.0548 4004 SystemInfo:
18:47:43.0548 4004
18:47:43.0548 4004 OS Version: 6.0.6002 ServicePack: 2.0
18:47:43.0548 4004 Product type: Workstation
18:47:43.0548 4004 ComputerName: *****-PC
18:47:43.0548 4004 UserName: *****
18:47:43.0548 4004 Windows directory: C:\Windows
18:47:43.0548 4004 System windows directory: C:\Windows
18:47:43.0548 4004 Processor architecture: Intel x86
18:47:43.0548 4004 Number of processors: 2
18:47:43.0548 4004 Page size: 0x1000
18:47:43.0548 4004 Boot type: Normal boot
18:47:43.0548 4004 ============================================================
18:47:44.0469 4004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:47:44.0609 4004 ============================================================
18:47:44.0609 4004 \Device\Harddisk0\DR0:
18:47:44.0609 4004 MBR partitions:
18:47:44.0656 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xF52DB02, BlocksNum 0x34EAFBF
18:47:44.0656 4004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF52DA84
18:47:44.0656 4004 ============================================================
18:47:44.0687 4004 C: <-> \Device\Harddisk0\DR0\Partition2
18:47:44.0687 4004 D: <-> \Device\Harddisk0\DR0\Partition1
18:47:44.0718 4004 ============================================================
18:47:44.0718 4004 Initialize success
18:47:44.0718 4004 ============================================================
18:47:58.0150 1404 ============================================================
18:47:58.0150 1404 Scan started
18:47:58.0150 1404 Mode: Manual; SigCheck; TDLFS;
18:47:58.0150 1404 ============================================================
18:47:58.0478 1404 ================ Scan system memory ========================
18:47:58.0478 1404 System memory - ok
18:47:58.0478 1404 ================ Scan services =============================
18:47:58.0790 1404 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:47:59.0055 1404 ACPI - ok
18:47:59.0273 1404 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:47:59.0304 1404 AdobeARMservice - ok
18:47:59.0429 1404 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:47:59.0476 1404 adp94xx - ok
18:47:59.0507 1404 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:47:59.0538 1404 adpahci - ok
18:47:59.0585 1404 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:47:59.0616 1404 adpu160m - ok
18:47:59.0648 1404 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:47:59.0679 1404 adpu320 - ok
18:47:59.0741 1404 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:47:59.0835 1404 AeLookupSvc - ok
18:47:59.0913 1404 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:48:00.0006 1404 AFD - ok
18:48:00.0100 1404 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
18:48:00.0178 1404 AgereModemAudio - ok
18:48:00.0272 1404 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:48:00.0443 1404 AgereSoftModem - ok
18:48:00.0599 1404 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:48:00.0615 1404 aic78xx - ok
18:48:00.0662 1404 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:48:00.0864 1404 ALG - ok
18:48:00.0896 1404 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys
18:48:00.0927 1404 aliide - ok
18:48:00.0974 1404 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:48:01.0005 1404 amdagp - ok
18:48:01.0005 1404 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys
18:48:01.0036 1404 amdide - ok
18:48:01.0067 1404 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:48:01.0317 1404 AmdK7 - ok
18:48:01.0332 1404 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:48:01.0457 1404 AmdK8 - ok
18:48:01.0535 1404 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:48:01.0582 1404 Appinfo - ok
18:48:01.0722 1404 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:48:01.0754 1404 Apple Mobile Device - ok
18:48:01.0816 1404 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:48:01.0847 1404 arc - ok
18:48:01.0894 1404 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:48:01.0910 1404 arcsas - ok
18:48:02.0658 1404 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:48:02.0690 1404 aspnet_state - ok
18:48:02.0768 1404 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:02.0846 1404 AsyncMac - ok
18:48:02.0892 1404 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:48:02.0908 1404 atapi - ok
18:48:02.0970 1404 [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
18:48:03.0017 1404 ATSWPDRV - ok
18:48:03.0095 1404 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:48:03.0189 1404 AudioEndpointBuilder - ok
18:48:03.0220 1404 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:48:03.0267 1404 Audiosrv - ok
18:48:03.0345 1404 [ 87046FD16FE6C0F072F4FDEE3FE454B1 ] auusb C:\Windows\system32\DRIVERS\auusb.sys
18:48:03.0376 1404 auusb - ok
18:48:03.0579 1404 AVP - ok
18:48:03.0657 1404 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:48:03.0766 1404 Beep - ok
18:48:03.0828 1404 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:48:03.0938 1404 BFE - ok
18:48:04.0016 1404 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
18:48:04.0125 1404 BITS - ok
18:48:04.0140 1404 blbdrive - ok
18:48:04.0250 1404 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:48:04.0281 1404 Bonjour Service - ok
18:48:04.0343 1404 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:48:04.0406 1404 bowser - ok
18:48:04.0452 1404 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:48:04.0515 1404 BrFiltLo - ok
18:48:04.0546 1404 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:48:04.0624 1404 BrFiltUp - ok
18:48:04.0655 1404 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:48:04.0780 1404 Browser - ok
18:48:04.0827 1404 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:48:04.0920 1404 Brserid - ok
18:48:04.0967 1404 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:48:05.0076 1404 BrSerWdm - ok
18:48:05.0108 1404 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:48:05.0232 1404 BrUsbMdm - ok
18:48:05.0638 1404 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:48:05.0778 1404 BrUsbSer - ok
18:48:05.0825 1404 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:48:05.0919 1404 BTHMODEM - ok
18:48:06.0012 1404 [ 48F64A84054771B2FEF55606ADF57557 ] Cam5607 C:\Windows\system32\Drivers\BisonC07.sys
18:48:06.0090 1404 Cam5607 - ok
18:48:06.0465 1404 catchme - ok
18:48:06.0527 1404 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:48:06.0652 1404 cdfs - ok
18:48:06.0714 1404 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:48:06.0777 1404 cdrom - ok
18:48:06.0839 1404 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:48:06.0902 1404 CertPropSvc - ok
18:48:06.0980 1404 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:48:07.0120 1404 circlass - ok
18:48:07.0151 1404 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:48:07.0198 1404 CLFS - ok
18:48:07.0245 1404 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:07.0276 1404 clr_optimization_v2.0.50727_32 - ok
18:48:07.0370 1404 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:48:07.0401 1404 clr_optimization_v4.0.30319_32 - ok
18:48:07.0448 1404 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:48:07.0510 1404 CmBatt - ok
18:48:07.0572 1404 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:48:07.0604 1404 cmdide - ok
18:48:07.0650 1404 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:48:07.0682 1404 Compbatt - ok
18:48:07.0697 1404 COMSysApp - ok
18:48:07.0713 1404 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:48:07.0728 1404 crcdisk - ok
18:48:07.0760 1404 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:48:07.0869 1404 Crusoe - ok
18:48:07.0931 1404 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:48:07.0994 1404 CryptSvc - ok
18:48:08.0072 1404 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:48:08.0165 1404 DcomLaunch - ok
18:48:08.0212 1404 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:48:08.0306 1404 DfsC - ok
18:48:08.0399 1404 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
18:48:08.0446 1404 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
18:48:08.0446 1404 DfSdkS - detected UnsignedFile.Multi.Generic (1)
18:48:08.0571 1404 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:48:08.0836 1404 DFSR - ok
18:48:08.0883 1404 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:48:08.0945 1404 Dhcp - ok
18:48:08.0992 1404 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:48:09.0023 1404 disk - ok
18:48:09.0070 1404 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:48:09.0132 1404 Dnscache - ok
18:48:09.0195 1404 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:48:09.0288 1404 dot3svc - ok
18:48:09.0320 1404 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:48:09.0398 1404 Dot4 - ok
18:48:09.0616 1404 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:48:09.0725 1404 Dot4Print - ok
18:48:09.0788 1404 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:48:09.0897 1404 dot4usb - ok
18:48:09.0944 1404 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:48:10.0022 1404 DPS - ok
18:48:10.0100 1404 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:48:10.0146 1404 drmkaud - ok
18:48:10.0224 1404 [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:48:10.0334 1404 DXGKrnl - ok
18:48:10.0380 1404 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:48:10.0490 1404 E1G60 - ok
18:48:10.0536 1404 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:48:10.0614 1404 EapHost - ok
18:48:10.0677 1404 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:48:10.0708 1404 Ecache - ok
18:48:10.0786 1404 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:48:10.0848 1404 ehRecvr - ok
18:48:10.0895 1404 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:48:11.0004 1404 ehSched - ok
18:48:11.0020 1404 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:48:11.0067 1404 ehstart - ok
18:48:11.0129 1404 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:48:11.0176 1404 elxstor - ok
18:48:11.0223 1404 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:48:11.0332 1404 EMDMgmt - ok
18:48:11.0394 1404 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:48:11.0472 1404 EventSystem - ok
18:48:11.0566 1404 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:48:11.0628 1404 exfat - ok
18:48:11.0660 1404 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:48:11.0722 1404 fastfat - ok
18:48:11.0800 1404 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:48:11.0894 1404 fdc - ok
18:48:11.0940 1404 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:48:12.0018 1404 fdPHost - ok
18:48:12.0050 1404 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:48:12.0143 1404 FDResPub - ok
18:48:12.0252 1404 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys
18:48:12.0362 1404 FETNDIS - ok
18:48:12.0408 1404 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:48:12.0440 1404 FileInfo - ok
18:48:12.0455 1404 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:48:12.0502 1404 Filetrace - ok
18:48:12.0658 1404 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
18:48:12.0814 1404 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:48:12.0814 1404 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:48:12.0845 1404 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:48:12.0954 1404 flpydisk - ok
18:48:13.0001 1404 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:48:13.0032 1404 FltMgr - ok
18:48:13.0095 1404 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:48:13.0110 1404 FontCache3.0.0.0 - ok
18:48:13.0157 1404 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:48:13.0173 1404 Fs_Rec - ok
18:48:13.0188 1404 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:48:13.0220 1404 gagp30kx - ok
18:48:13.0266 1404 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:48:13.0282 1404 GEARAspiWDM - ok
18:48:13.0329 1404 [ 51B2D8629E1A0F463682F365D56325CB ] GnabService c:\program files\common files\gnab\service\servicecontroller.exe
18:48:13.0344 1404 GnabService ( UnsignedFile.Multi.Generic ) - warning
18:48:13.0344 1404 GnabService - detected UnsignedFile.Multi.Generic (1)
18:48:13.0407 1404 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:48:13.0500 1404 gpsvc - ok
18:48:13.0578 1404 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:48:13.0594 1404 gupdate - ok
18:48:13.0641 1404 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:48:13.0656 1404 gupdatem - ok
18:48:13.0719 1404 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:48:13.0828 1404 HdAudAddService - ok
18:48:13.0906 1404 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:48:13.0968 1404 HDAudBus - ok
18:48:14.0000 1404 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:48:14.0109 1404 HidBth - ok
18:48:14.0140 1404 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:48:14.0265 1404 HidIr - ok
18:48:14.0327 1404 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:48:14.0405 1404 hidserv - ok
18:48:14.0436 1404 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:48:14.0530 1404 HidUsb - ok
18:48:14.0577 1404 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:48:14.0655 1404 hkmsvc - ok
18:48:14.0717 1404 [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey C:\Windows\system32\drivers\Hotkey.sys
18:48:14.0748 1404 Hotkey ( UnsignedFile.Multi.Generic ) - warning
18:48:14.0748 1404 Hotkey - detected UnsignedFile.Multi.Generic (1)
18:48:14.0795 1404 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:48:14.0811 1404 HpCISSs - ok
18:48:14.0936 1404 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:48:14.0998 1404 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:48:14.0998 1404 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:48:15.0014 1404 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:48:15.0045 1404 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:48:15.0045 1404 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:48:15.0107 1404 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:48:15.0201 1404 HTTP - ok
18:48:15.0310 1404 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:48:15.0326 1404 i2omp - ok
18:48:15.0372 1404 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:48:15.0435 1404 i8042prt - ok
18:48:15.0575 1404 [ 204A73A56751C68C6031E9D5D611EC98 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
18:48:15.0606 1404 IAANTMON - ok
18:48:15.0653 1404 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:48:15.0684 1404 iaStor - ok
18:48:15.0762 1404 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:48:15.0794 1404 iaStorV - ok
18:48:15.0887 1404 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:48:15.0950 1404 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:48:15.0950 1404 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:48:16.0074 1404 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:48:16.0184 1404 idsvc - ok
18:48:16.0277 1404 [ 04E385059DA704EC6659DDB1526C4193 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:48:16.0496 1404 igfx - ok
18:48:16.0542 1404 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:48:16.0558 1404 iirsp - ok
18:48:16.0683 1404 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:48:16.0761 1404 IKEEXT - ok
18:48:16.0901 1404 [ 0F16D98C3AF2138FABFA20ADDE4E01FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:48:17.0088 1404 IntcAzAudAddService - ok
18:48:17.0135 1404 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:48:17.0151 1404 intelide - ok
18:48:17.0182 1404 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:48:17.0260 1404 intelppm - ok
18:48:17.0291 1404 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:48:17.0385 1404 IPBusEnum - ok
18:48:17.0432 1404 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:17.0478 1404 IpFilterDriver - ok
18:48:17.0572 1404 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:48:17.0681 1404 iphlpsvc - ok
18:48:17.0697 1404 IpInIp - ok
18:48:17.0790 1404 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:48:17.0915 1404 IPMIDRV - ok
18:48:17.0962 1404 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:48:18.0056 1404 IPNAT - ok
18:48:18.0165 1404 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:48:18.0290 1404 iPod Service - ok
18:48:18.0383 1404 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:48:18.0461 1404 IRENUM - ok
18:48:18.0508 1404 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:48:18.0539 1404 isapnp - ok
18:48:18.0586 1404 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:48:18.0633 1404 iScsiPrt - ok
18:48:18.0648 1404 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:48:18.0680 1404 iteatapi - ok
18:48:18.0711 1404 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:48:18.0726 1404 iteraid - ok
18:48:18.0773 1404 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:48:18.0804 1404 kbdclass - ok
18:48:18.0836 1404 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:48:18.0882 1404 kbdhid - ok
18:48:18.0929 1404 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:48:18.0960 1404 KeyIso - ok
18:48:19.0023 1404 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
18:48:19.0054 1404 KL1 - ok
18:48:19.0070 1404 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
18:48:19.0101 1404 kl2 - ok
18:48:19.0179 1404 [ AF04D0CE7939324E9A605B159295706C ] KLIF C:\Windows\system32\DRIVERS\klif.sys
18:48:19.0257 1404 KLIF - ok
18:48:19.0304 1404 [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
18:48:19.0319 1404 KLIM6 - ok
18:48:19.0350 1404 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
18:48:19.0366 1404 klmouflt - ok
18:48:19.0491 1404 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:48:19.0553 1404 KSecDD - ok
18:48:19.0616 1404 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:48:19.0709 1404 KtmRm - ok
18:48:19.0756 1404 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:48:19.0850 1404 LanmanServer - ok
18:48:19.0881 1404 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:48:19.0974 1404 LanmanWorkstation - ok
18:48:20.0052 1404 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:48:20.0084 1404 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:48:20.0084 1404 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:48:20.0130 1404 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:48:20.0177 1404 lltdio - ok
18:48:20.0240 1404 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:48:20.0302 1404 lltdsvc - ok
18:48:20.0333 1404 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:48:20.0427 1404 lmhosts - ok
18:48:20.0505 1404 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:48:20.0536 1404 LSI_FC - ok
18:48:20.0567 1404 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:48:20.0598 1404 LSI_SAS - ok
18:48:20.0598 1404 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:48:20.0630 1404 LSI_SCSI - ok
18:48:20.0676 1404 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:48:20.0770 1404 luafv - ok
18:48:20.0817 1404 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:48:20.0848 1404 MBAMProtector - ok
18:48:21.0066 1404 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:48:21.0098 1404 MBAMScheduler - ok
18:48:21.0176 1404 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:48:21.0222 1404 MBAMService - ok
18:48:21.0300 1404 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:48:21.0394 1404 Mcx2Svc - ok
18:48:21.0441 1404 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:48:21.0472 1404 megasas - ok
18:48:21.0503 1404 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:48:21.0566 1404 MMCSS - ok
18:48:21.0581 1404 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:48:21.0644 1404 Modem - ok
18:48:21.0675 1404 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:48:21.0737 1404 monitor - ok
18:48:21.0768 1404 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:48:21.0784 1404 mouclass - ok
18:48:21.0815 1404 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:48:21.0893 1404 mouhid - ok
18:48:21.0924 1404 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:48:21.0956 1404 MountMgr - ok
18:48:22.0018 1404 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:48:22.0065 1404 MozillaMaintenance - ok
18:48:22.0112 1404 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:48:22.0143 1404 mpio - ok
18:48:22.0190 1404 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:48:22.0252 1404 mpsdrv - ok
18:48:22.0361 1404 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:48:22.0455 1404 MpsSvc - ok
18:48:22.0502 1404 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:48:22.0517 1404 Mraid35x - ok
18:48:22.0564 1404 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:48:22.0642 1404 MRxDAV - ok
18:48:22.0845 1404 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:48:22.0907 1404 mrxsmb - ok
18:48:22.0985 1404 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:48:23.0048 1404 mrxsmb10 - ok
18:48:23.0110 1404 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:48:23.0141 1404 mrxsmb20 - ok
18:48:23.0172 1404 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys
18:48:23.0204 1404 msahci - ok
18:48:23.0344 1404 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:48:23.0360 1404 msdsm - ok
18:48:23.0391 1404 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:48:23.0469 1404 MSDTC - ok
18:48:23.0516 1404 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:48:23.0625 1404 Msfs - ok
18:48:23.0687 1404 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:48:23.0703 1404 msisadrv - ok
18:48:23.0734 1404 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:48:23.0812 1404 MSiSCSI - ok
18:48:23.0843 1404 msiserver - ok
18:48:23.0890 1404 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:48:23.0952 1404 MSKSSRV - ok
18:48:23.0999 1404 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:48:24.0062 1404 MSPCLOCK - ok
18:48:24.0077 1404 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:48:24.0140 1404 MSPQM - ok
18:48:24.0186 1404 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:48:24.0218 1404 MsRPC - ok
18:48:24.0249 1404 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:48:24.0280 1404 mssmbios - ok
18:48:24.0311 1404 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:48:24.0358 1404 MSTEE - ok
18:48:24.0389 1404 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:48:24.0436 1404 Mup - ok
18:48:24.0623 1404 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:48:24.0717 1404 napagent - ok
18:48:24.0779 1404 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:48:24.0857 1404 NativeWifiP - ok
18:48:24.0982 1404 [ 9576CC8E84F7CEDA9189CDDA1CFD4BC1 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:48:25.0044 1404 NBService ( UnsignedFile.Multi.Generic ) - warning
18:48:25.0044 1404 NBService - detected UnsignedFile.Multi.Generic (1)
18:48:25.0154 1404 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:48:25.0216 1404 NDIS - ok
18:48:25.0247 1404 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:48:25.0341 1404 NdisTapi - ok
18:48:25.0372 1404 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:48:25.0512 1404 Ndisuio - ok
18:48:25.0575 1404 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:48:25.0653 1404 NdisWan - ok
18:48:25.0653 1404 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:48:25.0700 1404 NDProxy - ok
18:48:25.0778 1404 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:48:25.0793 1404 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:48:25.0793 1404 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:48:25.0824 1404 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:48:25.0902 1404 NetBIOS - ok
18:48:25.0949 1404 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:48:25.0996 1404 netbt - ok
18:48:26.0058 1404 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:48:26.0090 1404 Netlogon - ok
18:48:26.0355 1404 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:48:26.0417 1404 Netman - ok
18:48:26.0464 1404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:48:26.0495 1404 NetMsmqActivator - ok
18:48:26.0495 1404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:48:26.0526 1404 NetPipeActivator - ok
18:48:26.0558 1404 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:48:26.0651 1404 netprofm - ok
18:48:26.0667 1404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:48:26.0682 1404 NetTcpActivator - ok
18:48:26.0698 1404 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:48:26.0729 1404 NetTcpPortSharing - ok
18:48:26.0854 1404 [ A15F219208843A5A210C8CB391384453 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
18:48:27.0088 1404 NETw3v32 - ok
18:48:27.0384 1404 [ DD194A025D1C0472F45F57DE8D8388EB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
18:48:27.0728 1404 NETw4v32 - ok
18:48:27.0774 1404 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:48:27.0806 1404 nfrd960 - ok
18:48:27.0930 1404 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:48:28.0024 1404 NlaSvc - ok
18:48:28.0149 1404 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:48:28.0196 1404 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
18:48:28.0196 1404 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
18:48:28.0227 1404 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:48:28.0274 1404 Npfs - ok
18:48:28.0336 1404 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:48:28.0398 1404 nsi - ok
18:48:28.0414 1404 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:48:28.0492 1404 nsiproxy - ok
18:48:28.0679 1404 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:48:28.0835 1404 Ntfs - ok
18:48:28.0866 1404 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:48:29.0007 1404 ntrigdigi - ok
18:48:29.0085 1404 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:48:29.0178 1404 Null - ok
18:48:29.0210 1404 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:48:29.0241 1404 nvraid - ok
18:48:29.0256 1404 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:48:29.0288 1404 nvstor - ok
18:48:29.0303 1404 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:48:29.0334 1404 nv_agp - ok
18:48:29.0350 1404 NwlnkFlt - ok
18:48:29.0350 1404 NwlnkFwd - ok
18:48:29.0506 1404 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:48:29.0553 1404 odserv - ok
18:48:29.0600 1404 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:48:29.0724 1404 ohci1394 - ok
18:48:29.0818 1404 [ 5D6E8243445E1E8356C27EDD1FD76745 ] omniserv C:\Program Files\Softex\OmniPass\OmniServ.exe
18:48:29.0865 1404 omniserv ( UnsignedFile.Multi.Generic ) - warning
18:48:29.0865 1404 omniserv - detected UnsignedFile.Multi.Generic (1)
18:48:29.0927 1404 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:48:29.0943 1404 ose - ok
18:48:30.0005 1404 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:48:30.0177 1404 p2pimsvc - ok
18:48:30.0192 1404 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:48:30.0239 1404 p2psvc - ok
18:48:30.0286 1404 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:48:30.0426 1404 Parport - ok
18:48:30.0473 1404 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:48:30.0504 1404 partmgr - ok
18:48:30.0536 1404 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:48:30.0629 1404 Parvdm - ok
18:48:30.0676 1404 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:48:30.0770 1404 PcaSvc - ok
18:48:30.0816 1404 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:48:30.0848 1404 pci - ok
18:48:30.0879 1404 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys
18:48:30.0910 1404 pciide - ok
18:48:30.0957 1404 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:48:30.0988 1404 pcmcia - ok
18:48:31.0050 1404 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:48:31.0253 1404 PEAUTH - ok
18:48:31.0378 1404 [ F433B5AA6DBAC3C8626EEFAF134E4763 ] PhilCap C:\Windows\system32\DRIVERS\PhilCap.sys
18:48:31.0472 1404 PhilCap - ok
18:48:31.0550 1404 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:48:31.0752 1404 pla - ok
18:48:31.0846 1404 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:48:31.0940 1404 PlugPlay - ok
18:48:32.0002 1404 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:48:32.0018 1404 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:48:32.0018 1404 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:48:32.0080 1404 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:48:32.0127 1404 PNRPAutoReg - ok
18:48:32.0205 1404 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:48:32.0314 1404 PNRPsvc - ok
18:48:32.0501 1404 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:48:32.0548 1404 PolicyAgent - ok
18:48:32.0595 1404 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:48:32.0704 1404 PptpMiniport - ok
18:48:32.0751 1404 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:48:32.0860 1404 Processor - ok
18:48:32.0891 1404 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:48:32.0938 1404 ProfSvc - ok
18:48:32.0954 1404 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:48:32.0985 1404 ProtectedStorage - ok
18:48:33.0078 1404 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:48:33.0141 1404 PSched - ok
18:48:33.0219 1404 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:48:33.0328 1404 ql2300 - ok
18:48:33.0359 1404 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:48:33.0390 1404 ql40xx - ok
18:48:33.0422 1404 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:48:33.0468 1404 QWAVE - ok
18:48:33.0515 1404 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:48:33.0546 1404 QWAVEdrv - ok
18:48:33.0640 1404 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
18:48:33.0890 1404 R300 - ok
18:48:33.0968 1404 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:48:34.0030 1404 RapiMgr - ok
18:48:34.0077 1404 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:48:34.0124 1404 RasAcd - ok
18:48:34.0155 1404 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:48:34.0248 1404 RasAuto - ok
18:48:34.0280 1404 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:48:34.0342 1404 Rasl2tp - ok
18:48:34.0404 1404 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:48:34.0498 1404 RasMan - ok
18:48:34.0638 1404 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:48:34.0670 1404 RasPppoe - ok
18:48:34.0701 1404 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:48:34.0763 1404 RasSstp - ok
18:48:34.0794 1404 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:48:34.0888 1404 rdbss - ok
18:48:34.0966 1404 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:48:35.0013 1404 RDPCDD - ok
18:48:35.0060 1404 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:48:35.0153 1404 rdpdr - ok
18:48:35.0169 1404 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:48:35.0262 1404 RDPENCDD - ok
18:48:35.0294 1404 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:48:35.0356 1404 RDPWD - ok
18:48:35.0418 1404 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:48:35.0481 1404 RemoteAccess - ok
18:48:35.0528 1404 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:48:35.0621 1404 RemoteRegistry - ok
18:48:35.0684 1404 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:48:35.0730 1404 RichVideo - ok
18:48:35.0777 1404 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
18:48:35.0824 1404 RimUsb - ok
18:48:35.0855 1404 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:48:35.0933 1404 RpcLocator - ok
18:48:35.0980 1404 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:48:36.0042 1404 RpcSs - ok
18:48:36.0089 1404 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:48:36.0167 1404 rspndr - ok
18:48:36.0276 1404 [ 13E97CF38286B8A1D7605D3175DB28EE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:48:36.0308 1404 RTL8169 - ok
18:48:36.0339 1404 [ D6D7C67A6DF41898D9CF11C734690254 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
18:48:36.0386 1404 RTSTOR - ok
18:48:36.0417 1404 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:48:36.0448 1404 SamSs - ok
18:48:36.0557 1404 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:48:36.0588 1404 sbp2port - ok
18:48:36.0635 1404 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:48:36.0698 1404 SCardSvr - ok
18:48:36.0776 1404 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:48:36.0869 1404 Schedule - ok
18:48:37.0025 1404 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:48:37.0072 1404 SCPolicySvc - ok
18:48:37.0228 1404 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:48:37.0290 1404 SDRSVC - ok
18:48:37.0493 1404 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
18:48:37.0509 1404 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
18:48:37.0509 1404 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
18:48:37.0571 1404 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:48:37.0665 1404 secdrv - ok
18:48:37.0696 1404 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:48:37.0758 1404 seclogon - ok
18:48:37.0774 1404 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:48:37.0852 1404 SENS - ok
18:48:37.0883 1404 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:48:37.0992 1404 Serenum - ok
18:48:38.0024 1404 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:48:38.0148 1404 Serial - ok
18:48:38.0258 1404 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:48:38.0320 1404 sermouse - ok
18:48:38.0492 1404 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:48:38.0554 1404 SessionEnv - ok
18:48:38.0585 1404 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:48:38.0694 1404 sffdisk - ok
18:48:38.0694 1404 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:48:38.0788 1404 sffp_mmc - ok
18:48:38.0866 1404 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:48:38.0944 1404 sffp_sd - ok
18:48:38.0991 1404 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:48:39.0084 1404 sfloppy - ok
18:48:39.0131 1404 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:48:39.0194 1404 SharedAccess - ok
18:48:39.0240 1404 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:48:39.0334 1404 ShellHWDetection - ok
18:48:39.0396 1404 [ 4346D5BBDDE7756D8614A3F193D60984 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
18:48:39.0428 1404 Si3531 - ok
18:48:39.0459 1404 [ E853C341BBF4AC0007A8DB0858DBB09D ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
18:48:39.0474 1404 SiFilter - ok
18:48:39.0490 1404 [ D80E6F142EB4963E82A8537DD745F51B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
18:48:39.0506 1404 SiRemFil - ok
18:48:39.0537 1404 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:48:39.0568 1404 SiSRaid2 - ok
18:48:39.0584 1404 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:48:39.0615 1404 SiSRaid4 - ok
18:48:39.0693 1404 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:48:39.0708 1404 SkypeUpdate - ok
18:48:39.0896 1404 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:48:40.0208 1404 slsvc - ok
18:48:40.0254 1404 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:48:40.0332 1404 SLUINotify - ok
18:48:40.0348 1404 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:48:40.0395 1404 Smb - ok
18:48:40.0442 1404 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:48:40.0473 1404 SNMPTRAP - ok
18:48:40.0956 1404 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:48:40.0972 1404 spldr - ok
18:48:41.0003 1404 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:48:41.0050 1404 Spooler - ok
18:48:41.0144 1404 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:48:41.0237 1404 srv - ok
18:48:41.0300 1404 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:48:41.0393 1404 srv2 - ok
18:48:42.0111 1404 [ BF94A7553EF257D70CB2287BF7A3BCE1 ] srvcPVR C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
18:48:42.0314 1404 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
18:48:42.0314 1404 srvcPVR - detected UnsignedFile.Multi.Generic (1)
18:48:42.0376 1404 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:48:42.0407 1404 srvnet - ok
18:48:42.0454 1404 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:48:42.0516 1404 SSDPSRV - ok
18:48:42.0563 1404 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:48:42.0594 1404 SstpSvc - ok
18:48:42.0657 1404 [ 659C5615BC56737049AD5B03AE59467D ] stdriver C:\Windows\system32\DRIVERS\stdriverx86.sys
18:48:42.0672 1404 stdriver - ok
18:48:42.0735 1404 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:48:42.0813 1404 stisvc - ok
18:48:42.0860 1404 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:48:42.0875 1404 swenum - ok
18:48:42.0969 1404 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:48:43.0016 1404 swprv - ok
18:48:43.0062 1404 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:48:43.0094 1404 Symc8xx - ok
18:48:43.0109 1404 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:48:43.0125 1404 Sym_hi - ok
18:48:43.0140 1404 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:48:43.0172 1404 Sym_u3 - ok
18:48:43.0218 1404 [ 4C6DE67EBB6C487F7690A373FCFDE279 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:48:43.0250 1404 SynTP - ok
18:48:43.0281 1404 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:48:43.0374 1404 SysMain - ok
18:48:44.0061 1404 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:48:44.0154 1404 TabletInputService - ok
18:48:44.0326 1404 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:48:44.0451 1404 TapiSrv - ok
18:48:44.0482 1404 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:48:44.0560 1404 TBS - ok
18:48:44.0622 1404 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:48:44.0732 1404 Tcpip - ok
18:48:44.0763 1404 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:48:44.0841 1404 Tcpip6 - ok
18:48:44.0872 1404 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:48:44.0966 1404 tcpipreg - ok
18:48:45.0012 1404 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:48:45.0075 1404 TDPIPE - ok
18:48:45.0090 1404 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:48:45.0168 1404 TDTCP - ok
18:48:45.0215 1404 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:48:45.0309 1404 tdx - ok
18:48:45.0356 1404 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:48:45.0387 1404 TermDD - ok
18:48:45.0449 1404 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:48:45.0543 1404 TermService - ok
18:48:45.0605 1404 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:48:45.0652 1404 Themes - ok
18:48:45.0777 1404 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:48:45.0839 1404 THREADORDER - ok
18:48:45.0917 1404 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:48:45.0980 1404 TrkWks - ok
18:48:46.0042 1404 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:48:46.0073 1404 TrustedInstaller - ok
18:48:46.0120 1404 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:46.0198 1404 tssecsrv - ok
18:48:46.0245 1404 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:48:46.0292 1404 tunmp - ok
18:48:46.0323 1404 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:48:46.0401 1404 tunnel - ok
18:48:46.0432 1404 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:48:46.0463 1404 uagp35 - ok
18:48:46.0510 1404 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:48:46.0557 1404 udfs - ok
18:48:46.0604 1404 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:48:46.0697 1404 UI0Detect - ok
18:48:46.0728 1404 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:48:46.0760 1404 uliagpkx - ok
18:48:46.0806 1404 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:48:46.0838 1404 uliahci - ok
18:48:46.0853 1404 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:48:46.0884 1404 UlSata - ok
18:48:46.0916 1404 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:48:46.0947 1404 ulsata2 - ok
18:48:46.0978 1404 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:48:47.0056 1404 umbus - ok
18:48:47.0087 1404 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:48:47.0181 1404 upnphost - ok
18:48:47.0462 1404 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:48:47.0540 1404 USBAAPL - ok
18:48:47.0586 1404 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:48:47.0696 1404 usbaudio - ok
18:48:47.0742 1404 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:47.0805 1404 usbccgp - ok
18:48:47.0883 1404 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:48:47.0976 1404 usbcir - ok
18:48:48.0117 1404 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:48:48.0164 1404 usbehci - ok
18:48:48.0226 1404 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:48:48.0320 1404 usbhub - ok
18:48:48.0413 1404 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:48:48.0554 1404 usbohci - ok
18:48:48.0647 1404 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:48:48.0741 1404 usbprint - ok
18:48:48.0788 1404 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:48:48.0850 1404 usbscan - ok
18:48:48.0881 1404 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:48.0928 1404 USBSTOR - ok
18:48:48.0959 1404 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:48:49.0006 1404 usbuhci - ok
18:48:49.0037 1404 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:48:49.0146 1404 usbvideo - ok
18:48:49.0209 1404 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:48:49.0271 1404 usb_rndisx - ok
18:48:49.0334 1404 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:48:49.0412 1404 UxSms - ok
18:48:49.0443 1404 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:48:49.0505 1404 vds - ok
18:48:49.0552 1404 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:49.0646 1404 vga - ok
18:48:49.0817 1404 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:48:49.0942 1404 VgaSave - ok
18:48:50.0004 1404 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:48:50.0036 1404 viaagp - ok
18:48:50.0051 1404 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:48:50.0160 1404 ViaC7 - ok
18:48:50.0223 1404 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys
18:48:50.0238 1404 viaide - ok
18:48:50.0285 1404 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:48:50.0316 1404 volmgr - ok
18:48:50.0363 1404 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:48:50.0394 1404 volmgrx - ok
18:48:50.0504 1404 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:48:50.0550 1404 volsnap - ok
18:48:50.0597 1404 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:48:50.0628 1404 vsmraid - ok
18:48:50.0675 1404 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:48:50.0800 1404 VSS - ok
18:48:50.0940 1404 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:48:51.0018 1404 W32Time - ok
18:48:51.0050 1404 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:48:51.0159 1404 WacomPen - ok
18:48:51.0252 1404 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:48:51.0299 1404 Wanarp - ok
18:48:51.0299 1404 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:48:51.0346 1404 Wanarpv6 - ok
18:48:51.0549 1404 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:48:51.0611 1404 WcesComm - ok
18:48:51.0658 1404 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:48:51.0720 1404 wcncsvc - ok
18:48:51.0783 1404 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:48:51.0876 1404 WcsPlugInService - ok
18:48:51.0908 1404 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:48:51.0939 1404 Wd - ok
18:48:51.0986 1404 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:48:52.0048 1404 Wdf01000 - ok
18:48:52.0095 1404 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:48:52.0173 1404 WdiServiceHost - ok
18:48:52.0173 1404 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:48:52.0235 1404 WdiSystemHost - ok
18:48:52.0360 1404 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:48:52.0391 1404 WebClient - ok
18:48:52.0438 1404 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:48:52.0500 1404 Wecsvc - ok
18:48:52.0547 1404 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:48:52.0625 1404 wercplsupport - ok
18:48:52.0703 1404 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:48:52.0828 1404 WerSvc - ok
18:48:52.0922 1404 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:48:52.0968 1404 WinDefend - ok
18:48:52.0984 1404 WinHttpAutoProxySvc - ok
18:48:53.0234 1404 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:48:53.0280 1404 Winmgmt - ok
18:48:53.0405 1404 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:48:53.0592 1404 WinRM - ok
18:48:53.0655 1404 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
18:48:53.0702 1404 winusb - ok
18:48:53.0748 1404 [ F0FE933E27F1E2A83FF322A0693A4724 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe
18:48:53.0795 1404 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
18:48:53.0795 1404 WisLMSvc - detected UnsignedFile.Multi.Generic (1)
18:48:53.0858 1404 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:48:53.0951 1404 Wlansvc - ok
18:48:53.0982 1404 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:48:54.0060 1404 WmiAcpi - ok
18:48:54.0138 1404 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:48:54.0185 1404 wmiApSrv - ok
18:48:54.0669 1404 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:48:54.0794 1404 WMPNetworkSvc - ok
18:48:54.0840 1404 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:48:54.0918 1404 WPCSvc - ok
18:48:54.0934 1404 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:48:54.0996 1404 WPDBusEnum - ok
18:48:55.0012 1404 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:48:55.0090 1404 WpdUsb - ok
18:48:55.0215 1404 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:48:55.0293 1404 WPFFontCache_v0400 - ok
18:48:55.0324 1404 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:48:55.0386 1404 ws2ifsl - ok
18:48:55.0418 1404 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:48:55.0449 1404 wscsvc - ok
18:48:55.0464 1404 WSearch - ok
18:48:55.0574 1404 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:48:55.0776 1404 wuauserv - ok
18:48:55.0839 1404 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:55.0948 1404 WUDFRd - ok
18:48:56.0244 1404 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:48:56.0307 1404 wudfsvc - ok
18:48:56.0354 1404 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
18:48:56.0369 1404 X10Hid - ok
18:48:56.0432 1404 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
18:48:56.0447 1404 x10nets ( UnsignedFile.Multi.Generic ) - warning
18:48:56.0447 1404 x10nets - detected UnsignedFile.Multi.Generic (1)
18:48:56.0463 1404 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
18:48:56.0494 1404 XUIF - ok
18:48:56.0525 1404 ================ Scan global ===============================
18:48:56.0572 1404 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:48:56.0619 1404 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:48:56.0650 1404 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:48:56.0697 1404 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:48:56.0712 1404 [Global] - ok
18:48:56.0712 1404 ================ Scan MBR ==================================
18:48:56.0744 1404 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:49:00.0051 1404 \Device\Harddisk0\DR0 - ok
18:49:00.0051 1404 ================ Scan VBR ==================================
18:49:00.0051 1404 [ E77DA805E64D0508CF7FA27CB90F38EB ] \Device\Harddisk0\DR0\Partition1
18:49:00.0051 1404 \Device\Harddisk0\DR0\Partition1 - ok
18:49:00.0129 1404 [ F5BBA773CC17D10C649B6715D81D63AD ] \Device\Harddisk0\DR0\Partition2
18:49:00.0144 1404 \Device\Harddisk0\DR0\Partition2 - ok
18:49:00.0144 1404 ============================================================
18:49:00.0144 1404 Scan finished
18:49:00.0144 1404 ============================================================
18:49:00.0160 3016 Detected object count: 17
18:49:00.0176 3016 Actual detected object count: 17
18:49:55.0150 3016 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0150 3016 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0150 3016 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0150 3016 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0150 3016 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0150 3016 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0150 3016 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0150 3016 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0166 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0166 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0166 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0166 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0166 3016 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0166 3016 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0166 3016 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0166 3016 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0181 3016 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0181 3016 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0181 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0181 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0181 3016 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0181 3016 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0197 3016 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0197 3016 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0197 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0197 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0197 3016 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0197 3016 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0197 3016 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0197 3016 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0212 3016 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0212 3016 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:49:55.0212 3016 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:55.0212 3016 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
28.01.2013, 12:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-Creator Ist unauffällig  adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Trojaner nach Update von pdf-Creator |
|
28.01.2013, 18:53
| #7 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus, danke für deine Hilfe. TDssKiller hatte ein paar suspekte Objekte gefunden. Oder ist das harmlos? Und wie kann ich nun diesen blöden  PDFCreator loswerden. Der lässt sich ja nicht mehr löschen weil die Datei beschädigt ist.hier der Scan von AdwCleaner: Code:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 18:41:28 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\*****\AppData\Local\Babylon
Ordner Gefunden : C:\Users\*****\AppData\Local\Conduit
Ordner Gefunden : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gefunden : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Ordner Gefunden : C:\Users\*****\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\*****\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\*****\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\*****\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\Conduit
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\CT2736476
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\Smartbar
Ordner Gefunden : C:\Users\*****\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6002.18005
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Mozilla Firefox v8.0 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\prefs.js
Gefunden : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CTID", "ct2481020");
Gefunden : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Tue Apr 20 2010 00:23:50 GMT+0200");
Gefunden : user_pref("CT2475029.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CurrentServerDate", "19-4-2010");
Gefunden : user_pref("CT2475029.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Gefunden : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Wed Apr 14 2010 09:25:32 GMT+0200");
Gefunden : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201073583");
Gefunden : user_pref("CT2475029.EMailNotifierPollDate", "Tue Apr 20 2010 00:28:54 GMT+0200");
Gefunden : user_pref("CT2475029.ExternalComponentPollDate129077842555155326", "Tue Apr 20 2010 00:23:50 GMT+020[...]
Gefunden : user_pref("CT2475029.ExternalComponentPollDate129078508355624514", "Sat Feb 20 2010 11:49:39 GMT+010[...]
Gefunden : user_pref("CT2475029.FeedPollDate129076849370150342", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076850042182211", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076850596400916", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076850791868756", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076852434375419", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076853083906444", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076854010937606", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076855068438037", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076855340312884", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076855597344292", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076855883906472", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076856408281730", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076856723281882", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076856982969262", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076857229219583", "Mon Apr 19 2010 22:35:25 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076857478587121", "Tue Apr 20 2010 00:23:53 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129076858014837073", "Tue Apr 20 2010 00:23:54 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137419319063373", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137419319063374", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137435445312162", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137435445312163", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137435445312164", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137435445312165", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate6244576560869056615", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561015434053", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561386746076", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561414772911", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561420903218", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561602550763", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561619886036", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561754984581", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561797886832", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561811548356", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561872249134", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561930219330", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576561981855850", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562037116008", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562041692017", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562207067564", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562230147241", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562294787742", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562356557644", "Sat Feb 20 2010 11:49:46 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562442400632", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562443695659", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562504191975", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562833836505", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562864286456", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562875617752", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576562959235652", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563001642200", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563032567449", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563042939011", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563120943592", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563149812339", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563275725470", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563336850582", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563398664519", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563491628460", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563508458497", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563736132084", "Sat Feb 20 2010 11:49:46 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563919782085", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563926653077", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576563995598288", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564023582060", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564025306008", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564149391022", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564240601882", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564283815262", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564295923619", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564370576533", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564539739037", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564541982906", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564713374620", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564879189886", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedPollDate6244576564901169500", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gefunden : user_pref("CT2475029.FeedTTL129076850596400916", 5);
Gefunden : user_pref("CT2475029.FeedTTL129076850791868756", 5);
Gefunden : user_pref("CT2475029.FeedTTL129076856723281882", 5);
Gefunden : user_pref("CT2475029.FeedTTL129076857229219583", 30);
Gefunden : user_pref("CT2475029.FeedTTL129137419319063373", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137419319063374", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137435445312162", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137435445312163", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137435445312164", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137435445312165", 40);
Gefunden : user_pref("CT2475029.FeedTTL6244576560869056615", 30);
Gefunden : user_pref("CT2475029.FeedTTL6244576561420903218", 60);
Gefunden : user_pref("CT2475029.FeedTTL6244576561619886036", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576561754984581", 1440);
Gefunden : user_pref("CT2475029.FeedTTL6244576561930219330", 30);
Gefunden : user_pref("CT2475029.FeedTTL6244576561981855850", 5);
Gefunden : user_pref("CT2475029.FeedTTL6244576562037116008", 30);
Gefunden : user_pref("CT2475029.FeedTTL6244576562041692017", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576562442400632", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576562443695659", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576562875617752", 5);
Gefunden : user_pref("CT2475029.FeedTTL6244576563042939011", 1);
Gefunden : user_pref("CT2475029.FeedTTL6244576563149812339", 60);
Gefunden : user_pref("CT2475029.FeedTTL6244576563336850582", 10);
Gefunden : user_pref("CT2475029.FeedTTL6244576563398664519", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576563508458497", 5);
Gefunden : user_pref("CT2475029.FeedTTL6244576563919782085", 5);
Gefunden : user_pref("CT2475029.FeedTTL6244576564283815262", 2);
Gefunden : user_pref("CT2475029.FeedTTL6244576564539739037", 15);
Gefunden : user_pref("CT2475029.FeedTTL6244576564901169500", 15);
Gefunden : user_pref("CT2475029.FirstServerDate", "20-2-2010");
Gefunden : user_pref("CT2475029.FirstTime", true);
Gefunden : user_pref("CT2475029.FirstTimeFF3", true);
Gefunden : user_pref("CT2475029.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2475029.GroupingLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gefunden : user_pref("CT2475029.GroupingLastErrorCode", "");
Gefunden : user_pref("CT2475029.GroupingLastResponse", true);
Gefunden : user_pref("CT2475029.GroupingLastServerUpdateTime", "129156505860200000");
Gefunden : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2475029.Initialize", true);
Gefunden : user_pref("CT2475029.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2475029.InstalledDate", "Sat Feb 20 2010 11:49:38 GMT+0100");
Gefunden : user_pref("CT2475029.IsGrouping", true);
Gefunden : user_pref("CT2475029.IsMulticommunity", true);
Gefunden : user_pref("CT2475029.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2475029.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2475029.LanguagePackLastCheckTime", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gefunden : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2475029.LastLogin_2.5.6.0", "Mon Apr 19 2010 22:30:24 GMT+0200");
Gefunden : user_pref("CT2475029.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2475029.Locale", "en");
Gefunden : user_pref("CT2475029.LoginCache", 4);
Gefunden : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2475029.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2475029.RadioIsPodcast", false);
Gefunden : user_pref("CT2475029.RadioMediaID", "9951");
Gefunden : user_pref("CT2475029.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT2475029_RECENT9951");
Gefunden : user_pref("CT2475029.RadioShrinked", "expanded");
Gefunden : user_pref("CT2475029.RadioStationName", "Rap");
Gefunden : user_pref("CT2475029.RadioStationURL", "hxxp://www.defjay.com/listen.asx");
Gefunden : user_pref("CT2475029.RadioVolume", "25");
Gefunden : user_pref("CT2475029.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2475029.SearchBoxWidth", 100);
Gefunden : user_pref("CT2475029.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Gefunden : user_pref("CT2475029.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2475029.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2475029.SettingsLastCheckTime", "Sat Feb 20 2010 11:49:37 GMT+0100");
Gefunden : user_pref("CT2475029.SettingsLastUpdate", "1266241977");
Gefunden : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Sat Feb 20 2010 11:49:37 GMT+0100");
Gefunden : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1266241977");
Gefunden : user_pref("CT2475029.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2475029.UserID", "UN94952696720468486");
Gefunden : user_pref("CT2475029.ValidationData_Search", 0);
Gefunden : user_pref("CT2475029.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2475029.WeatherNetwork", "");
Gefunden : user_pref("CT2475029.WeatherPollDate", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gefunden : user_pref("CT2475029.WeatherUnit", "C");
Gefunden : user_pref("CT2475029.clientLogIsEnabled", true);
Gefunden : user_pref("CT2475029.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 831);
Gefunden : user_pref("CT2475029.ct2481020.FeedLastCount129137419315157090", 298);
Gefunden : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false);
Gefunden : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", "");
Gefunden : user_pref("CT2475029.ct2481020.GroupingLastResponse", true);
Gefunden : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129160525112030000");
Gefunden : user_pref("CT2475029.ct2481020.InvalidateCache", false);
Gefunden : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Mon Apr 19 2010 10:30:28 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.Locale", "de");
Gefunden : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Mon Apr 19 2010 10:30:26 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3");
Gefunden : user_pref("CT2475029.ct2481020.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gefunden : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Tue Apr 20 2010 00:23:50 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1271571711");
Gefunden : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Sun Apr 04 2010 20:32:37 GMT+0200");
Gefunden : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1269365470");
Gefunden : user_pref("CT2475029.myStuffEnabled", true);
Gefunden : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2475029.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2736476.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2736476.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2736476.FirstTime", "true");
Gefunden : user_pref("CT2736476.FirstTimeFF3", "true");
Gefunden : user_pref("CT2736476.LoginRevertSettingsEnabled", false);
Gefunden : user_pref("CT2736476.RevertSettingsEnabled", true);
Gefunden : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Gefunden : user_pref("CT2736476.UserID", "UN88670402713808950");
Gefunden : user_pref("CT2736476.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2736476.autoDisableScopes", -1);
Gefunden : user_pref("CT2736476.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2736476.defaultSearch", "true");
Gefunden : user_pref("CT2736476.embeddedsData", "[{\"appId\":\"129257551953665476\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2736476.enableAlerts", "always");
Gefunden : user_pref("CT2736476.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2736476.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2736476.fixPageNotFoundError", "true");
Gefunden : user_pref("CT2736476.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2736476.fixUrls", true);
Gefunden : user_pref("CT2736476.installId", "freeware_Toolbar_setup.exe");
Gefunden : user_pref("CT2736476.installType", "ConduitNSISIntegration");
Gefunden : user_pref("CT2736476.isCheckedStartAsHidden", true);
Gefunden : user_pref("CT2736476.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2736476.isFirstTimeToolbarLoading", "false");
Gefunden : user_pref("CT2736476.isNewTabEnabled", true);
Gefunden : user_pref("CT2736476.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2736476.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2736476.keyword", true);
Gefunden : user_pref("CT2736476.migrateAppsAndComponents", true);
Gefunden : user_pref("CT2736476.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Flogout.webde.uim[...]
Gefunden : user_pref("CT2736476.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2736476.openThankYouPage", "false");
Gefunden : user_pref("CT2736476.openUninstallPage", "true");
Gefunden : user_pref("CT2736476.search.searchAppId", "129257551953665476");
Gefunden : user_pref("CT2736476.search.searchCount", "0");
Gefunden : user_pref("CT2736476.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2736476.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2736476.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2736476.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_app.twitter.user-dieternuhr_lastUpdate", "1359043209441")[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_app.twitter.user-freeware_blog_lastUpdate", "135904320916[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_app.twitter.user-heiseonline_lastUpdate", "1359043209108"[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_app.twitter.user-jamie_oliver_lastUpdate", "1359043209236[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_app.twitter.user-spiegel_eil_lastUpdate", "1359043209283"[...]
Gefunden : user_pref("CT2736476.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359043323797");
Gefunden : user_pref("CT2736476.serviceLayer_services_appTracking_lastUpdate", "1353934048596");
Gefunden : user_pref("CT2736476.serviceLayer_services_appsMetadata_lastUpdate", "1359043204200");
Gefunden : user_pref("CT2736476.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359043323517");
Gefunden : user_pref("CT2736476.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346691612358");
Gefunden : user_pref("CT2736476.serviceLayer_services_login_10.10.27.6_lastUpdate", "1355156244345");
Gefunden : user_pref("CT2736476.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359043323744");
Gefunden : user_pref("CT2736476.serviceLayer_services_searchAPI_lastUpdate", "1359043323433");
Gefunden : user_pref("CT2736476.serviceLayer_services_serviceMap_lastUpdate", "1359043203322");
Gefunden : user_pref("CT2736476.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359043323456");
Gefunden : user_pref("CT2736476.serviceLayer_services_toolbarSettings_lastUpdate", "1359043204128");
Gefunden : user_pref("CT2736476.serviceLayer_services_translation_lastUpdate", "1359043204149");
Gefunden : user_pref("CT2736476.settingsINI", true);
Gefunden : user_pref("CT2736476.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2736476.smartbar.CTID", "CT2736476");
Gefunden : user_pref("CT2736476.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2736476.smartbar.homepage", true);
Gefunden : user_pref("CT2736476.smartbar.toolbarName", "Freeware.de ");
Gefunden : user_pref("CT2736476.toolbarBornServerTime", "3-9-2012");
Gefunden : user_pref("CT2736476.toolbarCurrentServerTime", "1-1-2013");
Gefunden : user_pref("CT2736476.upgradeFromClearSBVersion", true);
Gefunden : user_pref("CT2736476_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2475029");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 19 2010 10:30:24 GMT+0200");
Gefunden : user_pref("CommunityToolbar.twitter.user_19345231.LastCheckTime", "Tue Apr 20 2010 03:35:24 GMT+0200[...]
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=1[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "");
Gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_[...]
Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2736476");
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=101538");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "86571b63000000000000001b77e60c18");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15406");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 24);
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:02:16");
Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gefunden : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 97603723);
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:02:16");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101538");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "86571b63000000000000001b77e60c18");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "86571b63000000000000001b77e60c18");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15406");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:02:16");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.enabledAddons", "{91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7,ffxtlbr@babylon.[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=[...]
Gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gefunden : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Gefunden : user_pref("smartbar.originalSearchEngine", "Search the web (Babylon)");
-\\ Google Chrome v24.0.1312.56
Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.16] : homepage = "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18",
Gefunden [l.2082] : homepage = "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18",
*************************
AdwCleaner[R1].txt - [43378 octets] - [28/01/2013 18:41:28]
########## EOF - C:\AdwCleaner[R1].txt - [43439 octets] ##########
|
|
28.01.2013, 23:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-Creator adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.01.2013, 13:45
| #9 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus, hier nun die Log-files. adwcleaner: Code:
ATTFilter # AdwCleaner v2.109 - Datei am 29/01/2013 um 12:01:08 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\*****\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Ordner Gelöscht : C:\Users\*****\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\CT2736476
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\staged
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\Smartbar
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6002.18005
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v8.0 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\prefs.js
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wq2tz0vd.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CTID", "ct2481020");
Gelöscht : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Tue Apr 20 2010 00:23:50 GMT+0200");
Gelöscht : user_pref("CT2475029.CommunityChanged", true);
Gelöscht : user_pref("CT2475029.CurrentServerDate", "19-4-2010");
Gelöscht : user_pref("CT2475029.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Gelöscht : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Wed Apr 14 2010 09:25:32 GMT+0200");
Gelöscht : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201073583");
Gelöscht : user_pref("CT2475029.EMailNotifierPollDate", "Tue Apr 20 2010 00:28:54 GMT+0200");
Gelöscht : user_pref("CT2475029.ExternalComponentPollDate129077842555155326", "Tue Apr 20 2010 00:23:50 GMT+020[...]
Gelöscht : user_pref("CT2475029.ExternalComponentPollDate129078508355624514", "Sat Feb 20 2010 11:49:39 GMT+010[...]
Gelöscht : user_pref("CT2475029.FeedPollDate129076849370150342", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850042182211", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850596400916", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076850791868756", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076852434375419", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076853083906444", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076854010937606", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855068438037", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855340312884", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855597344292", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076855883906472", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856408281730", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856723281882", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076856982969262", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076857229219583", "Mon Apr 19 2010 22:35:25 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076857478587121", "Tue Apr 20 2010 00:23:53 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129076858014837073", "Tue Apr 20 2010 00:23:54 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137419319063373", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137419319063374", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312162", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312163", "Tue Apr 20 2010 00:23:51 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312164", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate129137435445312165", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576560869056615", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561015434053", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561386746076", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561414772911", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561420903218", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561602550763", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561619886036", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561754984581", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561797886832", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561811548356", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561872249134", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561930219330", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576561981855850", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562037116008", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562041692017", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562207067564", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562230147241", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562294787742", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562356557644", "Sat Feb 20 2010 11:49:46 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562442400632", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562443695659", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562504191975", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562833836505", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562864286456", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562875617752", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576562959235652", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563001642200", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563032567449", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563042939011", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563120943592", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563149812339", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563275725470", "Sat Feb 20 2010 11:49:47 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563336850582", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563398664519", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563491628460", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563508458497", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563736132084", "Sat Feb 20 2010 11:49:46 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563919782085", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563926653077", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576563995598288", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564023582060", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564025306008", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564149391022", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564240601882", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564283815262", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564295923619", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564370576533", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564539739037", "Sat Feb 20 2010 11:49:42 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564541982906", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564713374620", "Sat Feb 20 2010 11:49:45 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564879189886", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedPollDate6244576564901169500", "Sat Feb 20 2010 11:49:44 GMT+0100");
Gelöscht : user_pref("CT2475029.FeedTTL129076850596400916", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076850791868756", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076856723281882", 5);
Gelöscht : user_pref("CT2475029.FeedTTL129076857229219583", 30);
Gelöscht : user_pref("CT2475029.FeedTTL129137419319063373", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137419319063374", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312162", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312163", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312164", 40);
Gelöscht : user_pref("CT2475029.FeedTTL129137435445312165", 40);
Gelöscht : user_pref("CT2475029.FeedTTL6244576560869056615", 30);
Gelöscht : user_pref("CT2475029.FeedTTL6244576561420903218", 60);
Gelöscht : user_pref("CT2475029.FeedTTL6244576561619886036", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576561754984581", 1440);
Gelöscht : user_pref("CT2475029.FeedTTL6244576561930219330", 30);
Gelöscht : user_pref("CT2475029.FeedTTL6244576561981855850", 5);
Gelöscht : user_pref("CT2475029.FeedTTL6244576562037116008", 30);
Gelöscht : user_pref("CT2475029.FeedTTL6244576562041692017", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576562442400632", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576562443695659", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576562875617752", 5);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563042939011", 1);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563149812339", 60);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563336850582", 10);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563398664519", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563508458497", 5);
Gelöscht : user_pref("CT2475029.FeedTTL6244576563919782085", 5);
Gelöscht : user_pref("CT2475029.FeedTTL6244576564283815262", 2);
Gelöscht : user_pref("CT2475029.FeedTTL6244576564539739037", 15);
Gelöscht : user_pref("CT2475029.FeedTTL6244576564901169500", 15);
Gelöscht : user_pref("CT2475029.FirstServerDate", "20-2-2010");
Gelöscht : user_pref("CT2475029.FirstTime", true);
Gelöscht : user_pref("CT2475029.FirstTimeFF3", true);
Gelöscht : user_pref("CT2475029.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2475029.GroupingLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gelöscht : user_pref("CT2475029.GroupingLastErrorCode", "");
Gelöscht : user_pref("CT2475029.GroupingLastResponse", true);
Gelöscht : user_pref("CT2475029.GroupingLastServerUpdateTime", "129156505860200000");
Gelöscht : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2475029.Initialize", true);
Gelöscht : user_pref("CT2475029.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2475029.InstalledDate", "Sat Feb 20 2010 11:49:38 GMT+0100");
Gelöscht : user_pref("CT2475029.IsGrouping", true);
Gelöscht : user_pref("CT2475029.IsMulticommunity", true);
Gelöscht : user_pref("CT2475029.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2475029.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2475029.LanguagePackLastCheckTime", "Sat Feb 20 2010 11:49:41 GMT+0100");
Gelöscht : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2475029.LastLogin_2.5.6.0", "Mon Apr 19 2010 22:30:24 GMT+0200");
Gelöscht : user_pref("CT2475029.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2475029.Locale", "en");
Gelöscht : user_pref("CT2475029.LoginCache", 4);
Gelöscht : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2475029.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2475029.RadioIsPodcast", false);
Gelöscht : user_pref("CT2475029.RadioMediaID", "9951");
Gelöscht : user_pref("CT2475029.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT2475029_RECENT9951");
Gelöscht : user_pref("CT2475029.RadioShrinked", "expanded");
Gelöscht : user_pref("CT2475029.RadioStationName", "Rap");
Gelöscht : user_pref("CT2475029.RadioStationURL", "hxxp://www.defjay.com/listen.asx");
Gelöscht : user_pref("CT2475029.RadioVolume", "25");
Gelöscht : user_pref("CT2475029.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2475029.SearchBoxWidth", 100);
Gelöscht : user_pref("CT2475029.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Gelöscht : user_pref("CT2475029.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2475029.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2475029.SettingsLastCheckTime", "Sat Feb 20 2010 11:49:37 GMT+0100");
Gelöscht : user_pref("CT2475029.SettingsLastUpdate", "1266241977");
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Sat Feb 20 2010 11:49:37 GMT+0100");
Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1266241977");
Gelöscht : user_pref("CT2475029.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2475029.UserID", "UN94952696720468486");
Gelöscht : user_pref("CT2475029.ValidationData_Search", 0);
Gelöscht : user_pref("CT2475029.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2475029.WeatherNetwork", "");
Gelöscht : user_pref("CT2475029.WeatherPollDate", "Tue Apr 20 2010 00:23:52 GMT+0200");
Gelöscht : user_pref("CT2475029.WeatherUnit", "C");
Gelöscht : user_pref("CT2475029.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2475029.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 831);
Gelöscht : user_pref("CT2475029.ct2481020.FeedLastCount129137419315157090", 298);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", "");
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastResponse", true);
Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129160525112030000");
Gelöscht : user_pref("CT2475029.ct2481020.InvalidateCache", false);
Gelöscht : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Mon Apr 19 2010 10:30:28 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.Locale", "de");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Mon Apr 19 2010 10:30:26 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3");
Gelöscht : user_pref("CT2475029.ct2481020.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gelöscht : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Mon Apr 19 2010 10:30:23 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Tue Apr 20 2010 00:23:50 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1271571711");
Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Sun Apr 04 2010 20:32:37 GMT+0200");
Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1269365470");
Gelöscht : user_pref("CT2475029.myStuffEnabled", true);
Gelöscht : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2475029.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2736476.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2736476.FirstTime", "true");
Gelöscht : user_pref("CT2736476.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2736476.LoginRevertSettingsEnabled", false);
Gelöscht : user_pref("CT2736476.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Gelöscht : user_pref("CT2736476.UserID", "UN88670402713808950");
Gelöscht : user_pref("CT2736476.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2736476.autoDisableScopes", -1);
Gelöscht : user_pref("CT2736476.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2736476.defaultSearch", "true");
Gelöscht : user_pref("CT2736476.embeddedsData", "[{\"appId\":\"129257551953665476\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2736476.enableAlerts", "always");
Gelöscht : user_pref("CT2736476.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2736476.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2736476.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2736476.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2736476.fixUrls", true);
Gelöscht : user_pref("CT2736476.installId", "freeware_Toolbar_setup.exe");
Gelöscht : user_pref("CT2736476.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2736476.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2736476.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2736476.isNewTabEnabled", true);
Gelöscht : user_pref("CT2736476.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2736476.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2736476.keyword", true);
Gelöscht : user_pref("CT2736476.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2736476.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.amazon.de%2[...]
Gelöscht : user_pref("CT2736476.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.openThankYouPage", "false");
Gelöscht : user_pref("CT2736476.openUninstallPage", "true");
Gelöscht : user_pref("CT2736476.search.searchAppId", "129257551953665476");
Gelöscht : user_pref("CT2736476.search.searchCount", "0");
Gelöscht : user_pref("CT2736476.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2736476.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_app.twitter.user-dieternuhr_lastUpdate", "1359399817090")[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_app.twitter.user-freeware_blog_lastUpdate", "135939981672[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_app.twitter.user-heiseonline_lastUpdate", "1359399817589"[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_app.twitter.user-jamie_oliver_lastUpdate", "1359399816922[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_app.twitter.user-spiegel_eil_lastUpdate", "1359399816933"[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359043323797");
Gelöscht : user_pref("CT2736476.serviceLayer_services_appTracking_lastUpdate", "1353934048596");
Gelöscht : user_pref("CT2736476.serviceLayer_services_appsMetadata_lastUpdate", "1359398310441");
Gelöscht : user_pref("CT2736476.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359043323517");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346691612358");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.10.27.6_lastUpdate", "1355156244345");
Gelöscht : user_pref("CT2736476.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359043323744");
Gelöscht : user_pref("CT2736476.serviceLayer_services_searchAPI_lastUpdate", "1359398310668");
Gelöscht : user_pref("CT2736476.serviceLayer_services_serviceMap_lastUpdate", "1359398309697");
Gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359043323456");
Gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarSettings_lastUpdate", "1359398310499");
Gelöscht : user_pref("CT2736476.serviceLayer_services_translation_lastUpdate", "1359398310747");
Gelöscht : user_pref("CT2736476.settingsINI", true);
Gelöscht : user_pref("CT2736476.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2736476.smartbar.CTID", "CT2736476");
Gelöscht : user_pref("CT2736476.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2736476.smartbar.homepage", true);
Gelöscht : user_pref("CT2736476.smartbar.toolbarName", "Freeware.de ");
Gelöscht : user_pref("CT2736476.toolbarBornServerTime", "3-9-2012");
Gelöscht : user_pref("CT2736476.toolbarCurrentServerTime", "1-1-2013");
Gelöscht : user_pref("CT2736476.upgradeFromClearSBVersion", true);
Gelöscht : user_pref("CT2736476_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2475029");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 19 2010 10:30:24 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.twitter.user_19345231.LastCheckTime", "Tue Apr 20 2010 03:35:24 GMT+0200[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2736476");
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=101538");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 28);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "86571b63000000000000001b77e60c18");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15406");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 28);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:02:16");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 97960440);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:02:16");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101538");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "86571b63000000000000001b77e60c18");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "86571b63000000000000001b77e60c18");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15406");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:02:16");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.enabledAddons", "{91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7,ffxtlbr@babylon.[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Gelöscht : user_pref("smartbar.originalSearchEngine", "Search the web (Babylon)");
-\\ Google Chrome v24.0.1312.56
Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.16] : homepage = "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18",
Gelöscht [l.2082] : homepage = "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18",
*************************
AdwCleaner[R1].txt - [43509 octets] - [28/01/2013 18:41:28]
AdwCleaner[S1].txt - [43096 octets] - [29/01/2013 12:01:08]
########## EOF - C:\AdwCleaner[S1].txt - [43157 octets] ##########
|
|
29.01.2013, 13:47
| #10 |
| | Trojaner nach Update von pdf-Creator und hier die von OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.01.2013 12:21:55 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***** *****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 41,90 Gb Free Space | 34,18% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: **********-PC | User Name: ***** ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***** *****\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll ()
MOD - C:\Programme\AntiBrowserSpy\Commons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\scureapp.exe ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\scuredll.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\*****~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
[2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Extensions
[2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.29 12:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions
[2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi
[2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml
[2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml
[2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml
[2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml
[2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml
[2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml
[2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml
[2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{7E111A5C-3D11-4F56-9463-5310C3C69025}
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.2_0\
CHR - Extension: Google-Suche = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Summer Fields = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.27 18:45:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***** *****\Desktop\tdsskiller (1).exe
[2013.01.27 11:40:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***** *****\Desktop\aswMBR.exe
[2013.01.25 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\***** *****\Desktop\mbar
[2013.01.23 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\***** *****\Documents\HEALTH
[2013.01.20 20:26:37 | 000,000,000 | ---D | C] -- C:\Users\***** *****\***** Backup
[2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***** *****\Desktop\OTL (2).exe
[2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\***** *****\AppData\Roaming\Malwarebytes
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:04:10 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2013.01.15 13:04:10 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2013.01.15 13:04:03 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2013.01.15 13:04:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2013.01.15 13:04:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.01.14 15:14:55 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.14 15:14:55 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.14 15:14:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.14 15:14:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.14 15:14:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9
[2013.01.09 16:18:51 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 16:18:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e
[2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967
[2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\***** *****\kis12.0.0.374de (1).exe
========== Files - Modified Within 30 Days ==========
[2013.01.29 12:20:01 | 000,002,273 | ---- | M] () -- C:\Users\***** *****\Desktop\Google Chrome.lnk
[2013.01.29 12:08:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 12:08:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 12:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 12:07:51 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.29 12:02:11 | 000,000,096 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:34:05 | 000,580,235 | ---- | M] () -- C:\Users\***** *****\Desktop\adwcleaner.exe
[2013.01.27 18:45:53 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***** *****\Desktop\tdsskiller (1).exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | M] () -- C:\Users\***** *****\Desktop\MBR.dat
[2013.01.27 11:42:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***** *****\Desktop\aswMBR.exe
[2013.01.25 16:16:12 | 013,462,931 | ---- | M] () -- C:\Users\***** *****\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 17:08:30 | 357,145,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\***** *****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***** *****\Desktop\OTL (2).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\***** *****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst
[2013.01.14 15:13:27 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.14 15:13:12 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.14 15:13:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.14 15:13:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.14 15:13:11 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.14 15:13:11 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013.01.29 12:01:30 | 000,000,096 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:33:51 | 000,580,235 | ---- | C] () -- C:\Users\***** *****\Desktop\adwcleaner.exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | C] () -- C:\Users\***** *****\Desktop\MBR.dat
[2013.01.25 16:15:18 | 013,462,931 | ---- | C] () -- C:\Users\***** *****\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\***** *****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\***** *****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst
[2012.12.21 11:58:28 | 000,002,780 | ---- | C] () -- C:\Users\***** *****\.recently-used.xbel
[2012.11.28 18:43:28 | 000,059,617 | ---- | C] () -- C:\Users\***** *****\*****-184328.png
[2012.11.28 18:38:14 | 000,003,095 | ---- | C] () -- C:\Users\***** *****\*****.htm
[2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\***** *****\AppData\Local\d3d9caps.dat
[2012.10.30 12:05:58 | 000,052,398 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2012.10.30 12:05:13 | 000,143,085 | ---- | C] () -- C:\Users\***** *****\TK-***** (1).pdf
[2012.10.30 12:02:38 | 000,143,085 | ---- | C] () -- C:\Users\***** *****\TK-*****.pdf
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.08.07 23:03:33 | 000,011,815 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.08.07 21:46:23 | 000,013,057 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.08.07 21:44:16 | 000,005,847 | ---- | C] () -- C:\Users\***** *****\*****_20120807215157 ***** *****.pdf
[2012.08.07 21:43:18 | 000,011,355 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\***** *****\***** ***** *****.pdf
[2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\***** *****\*****.JPG
[2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\***** *****\*****.JPG
[2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\***** *****\BILD1177.JPG
[2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\***** *****\BILD1179.JPG
[2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\***** *****\BILD1181.JPG
[2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\***** *****\BILD1182.JPG
[2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\***** *****\BILD1180.JPG
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp
[2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp
[2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat
[2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\***** *****\*****_kl.gif
[2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\***** *****\ebay 2.jpg
[2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\***** *****\ebay 1.jpg
[2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\***** *****\AppData\Local\WebpageIcons.db
[2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\***** *****\AppData\Roaming\wklnhst.dat
[2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\***** *****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\***** *****\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 833 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
@Alternate Data Stream - 685 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
@Alternate Data Stream - 1013 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
< End of report >
OTL extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.01.2013 12:21:55 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 41,90 Gb Free Space | 34,18% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B06E698-1115-4F29-A822-AAA517EBDE6A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43978C33-0533-4C09-93C6-59DAC4C7736B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BF88C15-5AF4-473D-B96D-5EA87BCCC078}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D34CE02B-4070-4368-93F2-83213C802A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB3AD40-A93F-4172-8E57-5D8FD63E1BE8}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs4f53\hpdiagnosticcoreui.exe |
"{23BC97C0-600D-49FB-8F06-27DDFF7DD64D}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs4f53\hpdiagnosticcoreui.exe |
"{28EE64B6-1F7C-4931-932B-24531583AFAE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2E9D9C0B-0137-483D-B92A-CD530592F3E6}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe |
"{3BA65083-3F97-464C-9EF6-4EA2B59F3CCD}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe |
"{4682DF48-CFFE-4CCA-B159-F49E0820F5EA}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs573b\hpdiagnosticcoreui.exe |
"{5242F66A-32D3-40BD-BA15-A09FD5BA67F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60505A7B-3169-4F1B-8861-5AF7DC97698A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8918E140-CE4B-4788-AD10-FDD1CA51EAF3}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs573b\hpdiagnosticcoreui.exe |
"{A09338A2-CC74-4A5A-9F57-928168995000}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{A1A7410C-1A25-41EC-A810-A2AFE6882E15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C506E5A5-7C23-4494-A775-3FFC02C984AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDBEB067-3760-4F26-9C32-2F4450F24E14}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D3F621DE-87B2-4E08-84D5-54D40B6CEF8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F3289106-9270-44C2-A8C5-5B3A4BDB0EFF}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe |
"{F736CADE-D8C1-4572-BE47-619F692260B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F88D2146-E7DB-4AD7-A844-DCD4E2292B3C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32DAD205-9831-4319-9DF6-B7789C36FC0C}" = Auerswald COMset 2.7.1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5DE161B8-9114-436C-96F3-DCD42651D94B}" = Lexware Elster
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A5A288-9614-4E59-93A9-4DDB895FFA10}" = Auerswald COMlist 2.5.1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}" = AuthenTec Fingerprint Sensor Minimum Install
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}" = Stampit Home
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADB0EDCF-6A4E-4EA9-B57E-FD7434F18B79}" = Auerswald COMtools 2.3.1
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.8
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.74
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"DivX Setup" = DivX-Setup
"ElsterFormular 12.3.2.6814k" = ElsterFormular-Update
"ElsterFormular 13.1.1.8479k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.3.5.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.02" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Inkscape" = Inkscape 0.47
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LameACM" = LameACM
"LetsTrade" = LetsTrade Komponenten
"LogoMaker_is1" = LogoMaker 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Formulare 3" = PDF Formulare 3
"Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter
"RealPlayer 15.0" = RealPlayer
"Scribus 1.3.6" = Scribus 1.3.6
"SearchAnonymizer" = SearchAnonymizer
"SmartToolsFalz- und Lochmarken-Assistentv5.00" = SmartTools Publishing • Word Falz- und Lochmarken-Assistent
"SoundTap" = SoundTap Streaming Audio Recorder
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.0.3
"Trillian" = Trillian
"TUGZip_is1" = TUGZip 3.5
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.8
"X10Hardware" = X10 Hardware(TM)
"XviD" = XviD MPEG-4 Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.09.2011 02:41:44 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xc38, Anwendungsstartzeit 01cc6a0483098e3d.
Error - 03.09.2011 10:37:10 | Computer Name = *****-PC | Source = RapiMgr | ID = 8
Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von
Fehler Receive Connection (0x80070490) fehlgeschlagen. (Weitere Infos zum Fehlercode
finden Sie in den Daten.)
Error - 03.09.2011 10:37:21 | Computer Name = *****-PC | Source = RapiMgr | ID = 8
Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von
Fehler Receive Connection (0x80070005) fehlgeschlagen. (Weitere Infos zum Fehlercode
finden Sie in den Daten.)
[ OSession Events ]
Error - 24.02.2010 16:31:56 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2891 seconds with 2700 seconds of active time. This session ended with a
crash.
Error - 25.02.2010 08:37:24 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 144 seconds with 120 seconds of active time. This session ended with a crash.
Error - 25.02.2010 14:21:47 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 6202 seconds with 2100 seconds of active time. This session ended with a
crash.
Error - 26.02.2010 12:45:24 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3737 seconds with 2400 seconds of active time. This session ended with a
crash.
Error - 12.04.2010 04:53:15 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1748
seconds with 1260 seconds of active time. This session ended with a crash.
Error - 28.10.2011 11:09:33 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2873
seconds with 540 seconds of active time. This session ended with a crash.
Error - 11.06.2012 08:57:02 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14326
seconds with 4980 seconds of active time. This session ended with a crash.
Error - 10.07.2012 06:51:21 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12241
seconds with 3900 seconds of active time. This session ended with a crash.
Error - 12.07.2012 10:26:38 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8245
seconds with 600 seconds of active time. This session ended with a crash.
Error - 09.11.2012 02:51:59 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58416
seconds with 540 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.01.2013 05:51:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2013 07:01:23 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =
Error - 27.01.2013 12:03:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.01.2013 12:05:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2013 12:05:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.01.2013 14:43:14 | Computer Name = *****-PC | Source = DCOM | ID = 10005
Description =
Error - 28.01.2013 14:43:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.01.2013 07:09:31 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2013 07:11:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.01.2013 07:11:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
|
|
29.01.2013, 14:46
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-Creator Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.02.2013, 19:43
| #12 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus, herzlichen Dank für Deine Hilfe und die Zeit.  Ich habe nicht gesehen dass es zwei Seiten gibt und dachte die ganze Zeit ich hätte noch keine Antwort erhalten.  Hier die LOG-file vom Quick-Scan / Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.06.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 *** :: ***-PC [Administrator] 06.02.2013 12:06:35 mbam-log-2013-02-06 (12-06-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 259061 Laufzeit: 21 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=9f9b9887fea53e4992ea818a5db61569
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-06 04:39:28
# local_time=2013-02-06 05:39:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1285 16777214 100 100 13416463 56492718 0 0
# compatibility_mode=5892 16776573 100 100 24921 197701496 0 0
# scanned=270438
# found=0
# cleaned=0
# scan_time=17538
Mittlerweile hatte ich vor ein paar Tagen eine neue Meldung von Kaspersky erhalten, dass ein trojanisches Programm gefunden worden sei und inaktiviert worden ist. Name: HEUR:Trojan.Script.Generic Reicht es wenn Kaspersky es auf den Status inaktiv gesetzt hat oder muss ich noch etwas unternehmen? Bei Kaspersky selbst bekomme ich keine hilfreiche Antwort. Danke noch einmal vielmals!!! Kathy |
|
06.02.2013, 21:48
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-CreatorZitat:
Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.02.2013, 16:15
| #14 |
| | Trojaner nach Update von pdf-Creator Hallo cosinus, Danke für die hilfreichen Tipps bezüglich Cookies und Rest. Das muss ich mir in der Tat noch zulegen weil Kaspersky da leider nicht reicht. Und bei kostenlosen Programmen wie pdfCreator werde ich in Zukunft vorsichtig sein. Weitere Probleme habe ich nicht, außer dem was ich schon erwähnt hatte. Ich hatte angenommen dass die Suche mit Malwarebytes und der online-scan mit ESET zeigen würden ob etwas neues wie z.B. der neue Fund von Kaspersky da ist und schädlich sein kann. Ist es dann richtig dass Malwarebytes oder ESET mir das hätten anzeigen müssen?  |
|
08.02.2013, 20:51
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner nach Update von pdf-CreatorZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner nach Update von pdf-Creator |
| abelssoft, adobe, avp.exe, babylontoolbar, bho, bonjour, browser, defender, error, explorer, firefox, format, ftp, home, hotkey.sys, internet, kaspersky, kaspersky quarantäne, launch, logfile, nodrives, pdf creator, pdf trojaner, plug-in, programm, programme, realtek, registry, search the web, security, senden, software, tastatur, temp, trojaner, usb |
Linear-Darstellung
