| |
| |||||||
Log-Analyse und Auswertung: Trojaner nach Update von pdf-CreatorWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.01.2013, 15:07
| #1 |
 |  Trojaner nach Update von pdf-Creator Hallo liebes Forum, das ist meiner zweiter Anlauf nachdem ich mein Kennwort vergessen habe. Deshalb hier noch einmal mein Posting vom 17.01.2013. Habe folgendes Problem. WIN/VISTA mit Kaspersky Internet Security / Browser: Chrome Seit zwei Monaten benutze ich pdfCreator. Alles war in Ordnung bis jetzt. Als ich vor zwei Tagen das Programm manuell öffnen wollte, wies mich ein öffnendes Fenster auf ein vorher notwendiges Update hin, dem ich auch zugestimmt habe. Nach dem Update erhielt ich eine Meldung von Kaspersky, dass ein Trojaner namens PDM.trojan.generic von pdfCreator unter Quarantäne gesetzt worden sei. So weit so gut, als ich dann aber nach diesem Problem mit pdfCreator im Internet gesucht habe, sah ich dass es weitgehender ist. Ich habe später versucht pdfCreator zu löschen, was aber nicht geht weil die Datei beschädigt ist. Habe auch Anti-Malware von Malwarebytes installiert und laufen lassen. Der hat tatsächlich zwei Viren-Dateien von PUP.Adware.Agent gefunden und gelöscht. Aber diesen Trojaner von pdf Forge nicht erkannt. Problem eins: ich kann dieses b..... Programm (pdfCreator) nicht löschen Problem zwei: reicht es wenn Kaspersky den Trojaner unter Quarantäne setzt? Oder habe ich dadurch weitere Probleme im Hintergrund? Bin mit den anderen Postings nicht so sehr zurecht gekommen weil ich nicht so mit den Begriffen vertraut bin. Habe aber alle Schritte die ihr Anfängern ratet, durchgeführt. Hier die Textdateien aus den Scans: Eine Extras-Datei hat OTL aber nicht angelegt. OTL Code:
ATTFilter
OTL logfile created on: 16.01.2013 11:12:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,88% Memory free
4,21 Gb Paging File | 2,65 Gb Available in Paging File | 62,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 44,13 Gb Free Space | 36,00% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: RACHELFOREST-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\*****\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll ()
MOD - C:\Programme\AntiBrowserSpy\Commons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\ContextHandler.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\scureapp.exe ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\scuredll.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Programme\TUGZip\TzShell.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\RACHEL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=86571b63000000000000001b77e60c18
IE - HKCU\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D454441&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: {7e111a5c-3d11-4f56-9463-5310c3c69025}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q="
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
[2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.12 11:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions
[2012.12.12 11:04:22 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.04.07 08:42:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012.04.07 00:27:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\ffxtlbr@babylon.com
[2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi
[2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.10 17:15:51 | 000,000,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\conduit.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-1.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml
[2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml
[2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml
[2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml
[2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-2.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-3.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml
[2011.05.12 17:05:24 | 000,001,120 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin.xml
[2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\Search_Results.xml
[2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml
[2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml
[2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.07 14:01:45 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.01 19:14:59 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=48&sspv=CHOB18
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.3_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Babylon Translator = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Summer Fields = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Freeware.de = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.18.20_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe
[2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9
[2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e
[2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967
[2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\*****\de (1).exe
========== Files - Modified Within 30 Days ==========
[2013.01.16 10:43:30 | 000,002,273 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe
[2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 09:29:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL (2).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst
[2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 21:34:24 | 000,035,783 | ---- | M] () -- C:\Users\*****\Documents\Muster Best. mündl. Kündigung.rtf
[2012.12.21 11:58:28 | 000,002,780 | ---- | M] () -- C:\Users\*****\.recently-used.xbel
========== Files Created - No Company Name ==========
[2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\*****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst
[2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\*****\Bilder Strassenverlauf .pdf
[2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\*****\BILD1178.JPG
[2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\*****\BILD1176.JPG
[2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\*****\BILD1177.JPG
[2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\*****\BILD1179.JPG
[2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\*****\BILD1181.JPG
[2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\*****\BILD1182.JPG
[2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\*****\BILD1180.JPG
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\*****\ust 4. quartal.pdf
[2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp
[2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp
[2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat
[2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\*****\bibi4_kl.gif
[2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\*****\ebay 2.jpg
[2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\*****\ebay 1.jpg
[2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\*****\E-Porto Journal.pdf
[2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.05 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2012.01.21 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AntiBrowserSpy 2009
[2010.08.11 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avanquest
[2011.08.02 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avery
[2012.01.16 17:46:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2010.11.19 17:53:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\concept design
[2013.01.15 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2011.11.26 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\elsterformular
[2011.02.13 01:10:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.01.16 17:53:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Free PDF to Word Converter
[2011.07.13 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN
[2012.11.28 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2010.07.07 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2012.11.02 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Image Zone Express
[2010.05.10 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\inkscape
[2010.06.17 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\klickTel
[2012.04.02 13:57:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware
[2010.01.27 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LogoMaker
[2011.05.12 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2011.05.12 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2013.01.15 13:04:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2012.04.04 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Printer Info Cache
[2010.03.25 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SAD_OffV10
[2010.03.02 23:21:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scribus
[2012.01.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Smart PDF Converter
[2010.08.17 23:04:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SmartTools
[2012.01.21 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softland
[2010.10.20 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max3
[2010.11.17 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4
[2012.12.09 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SWiSH Max4 DEU
[2011.09.26 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2010.01.25 19:54:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2010.06.17 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2011.07.20 10:26:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\UDC Profiles
[2010.03.05 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2010.12.17 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 833 bytes -> C:\Users\*****\Documents\ - Ihre Bestellbestätigung.eml:OECustomProperty
@Alternate Data Stream - 685 bytes -> C:\Users\*****\Documents\Re .eml:OECustomProperty
@Alternate Data Stream - 1013 bytes -> C:\Users\*****\Documents\Käuferschutz TS zur Bestellung bei.eml:OECustomProperty
< End of report >
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-16 19:19:17
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\****~1\AppData\Local\Temp\kfkdaaog.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9475F28A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x94779342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x94779678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x947799EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9475FD04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9477902A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x94760276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x94760164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x947794E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9475F046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9476038E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9475F8BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x947795B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9476074E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9475FD46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94761750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x94760840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x94760DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x94777840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x94760308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x947601F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9475F4C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x94760B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x94760420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9475F3B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9476055C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x94777A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x947610D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x947609E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x947797DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9477972A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x94779848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x947615F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x947791B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9475FBA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x947605FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x94761222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x94761316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x94761450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x94760670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9475F664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9475F5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94760F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9475F750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9475FA2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x947604A6]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 119 87EEB7DC 4 Bytes [8A, F2, 75, 94] {MOV DH, DL; JNZ 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 13D 87EEB800 8 Bytes [42, 93, 77, 94, 78, 96, 77, ...] {INC EDX; XCHG EBX, EAX; JA 0xffffff98; JS 0xffffff9c; JA 0xffffff9c}
.text ntkrnlpa.exe!KeSetEvent + 181 87EEB844 4 Bytes [EE, 99, 77, 94] {OUT DX, AL; CDQ ; JA 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 1A9 87EEB86C 4 Bytes [04, FD, 75, 94] {ADD AL, 0xfd; JNZ 0xffffff98}
.text ntkrnlpa.exe!KeSetEvent + 1C1 87EEB884 4 Bytes [2A, 90, 77, 94]
.text ...
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 75ADA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823
---- EOF - GMER 2.0 ----
Code:
ATTFilter
www.malwarebytes.org
Datenbank Version: v2013.01.15.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
***** :: *****-PC [Administrator]
Schutz: Aktiviert
15.01.2013 14:38:01
mbam-log-2013-01-15 (14-38-01).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470198
Laufzeit: 2 Stunde(n), 14 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\*****\Downloads\secret_things.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\slip_away.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.23.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 ***** :: *****-PC [Administrator] Schutz: Aktiviert 24.01.2013 11:47:00 mbam-log-2013-01-24 (11-47-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 465400 Laufzeit: 2 Stunde(n), 31 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) kat76hy2 |
| Themen zu Trojaner nach Update von pdf-Creator |
| abelssoft, adobe, avp.exe, babylontoolbar, bho, bonjour, browser, defender, error, explorer, firefox, format, ftp, home, hotkey.sys, internet, kaspersky, kaspersky quarantäne, launch, logfile, nodrives, pdf creator, pdf trojaner, plug-in, programm, programme, realtek, registry, search the web, security, senden, software, tastatur, temp, trojaner, usb |
Baum-Darstellung