| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kaspersky findet trojanisches Programm HEUR:Trojan.Script.genericWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.02.2013, 18:37
| #1 |
 |  Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic Hallo liebes Forum, als ich vor ein paar Tagen Mozilla Firefox öffnete, kam die Meldung von Kaspersky, dass oben angegebenes Programm gefunden worden ist. Kaspersky hat dieses Programm auf inaktiv gesetzt. Heißt das jetzt dass es trotzdem auf meinem PC ist und ich etwas unternehmen muss? Auf Kaspersky.de finde ich keine ausreichende Hilfestellung. Bitte helft mir. Danke euch im voraus. kathy hier der LOG von defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:12 on 01/02/2013 (Rachel Forest)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
OTL logfile created on: 01.02.2013 15:14:19 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,16% Memory free
4,22 Gb Paging File | 2,68 Gb Available in Paging File | 63,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 43,57 Gb Free Space | 35,54% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll ()
MOD - C:\Programme\AntiBrowserSpy\Commons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\ContextHandler.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\scureapp.exe ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\scuredll.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Programme\TUGZip\TzShell.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\RACHEL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
[2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.29 12:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions
[2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi
[2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml
[2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml
[2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml
[2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml
[2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml
[2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml
[2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml
[2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{7E111A5C-3D11-4F56-9463-5310C3C69025}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.3_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Summer Fields = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.29 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.01.29 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2013.01.27 18:45:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller (1).exe
[2013.01.27 11:40:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.25 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.01.23 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HEALTH
[2013.01.20 20:26:37 | 000,000,000 | ---D | C] -- C:\Users\***\*** Backup
[2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL (2).exe
[2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9
[2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e
[2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967
[2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\***\kis12.0.0.374de (1).exe
========== Files - Modified Within 30 Days ==========
[2013.02.01 15:05:46 | 000,002,271 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.02.01 14:25:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:25:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 12:25:10 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.29 16:44:38 | 000,001,661 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.29 12:02:11 | 000,000,096 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:34:05 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.27 18:45:53 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller (1).exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.01.27 11:42:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.25 16:16:12 | 013,462,931 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 17:08:30 | 357,145,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL (2).exe
[2013.01.15 22:36:32 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger (1).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst
[2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013.01.29 16:44:38 | 000,001,661 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.29 12:01:30 | 000,000,096 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:33:51 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.01.25 16:15:18 | 013,462,931 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:36:32 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger (1).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst
[2012.12.21 11:58:28 | 000,002,780 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.11.28 18:43:28 | 000,059,617 | ---- | C] () -- C:\Users\***\***-***-184328.png
[2012.11.28 18:38:14 | 000,003,095 | ---- | C] () -- C:\Users\***\***-***.htm
[2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.10.30 12:05:58 | 000,052,398 | ---- | C] () -- C:\Users\***\*** ***.pdf
[2012.10.30 12:05:13 | 000,143,085 | ---- | C] () -- C:\Users\***\*** (1).pdf
[2012.10.30 12:02:38 | 000,143,085 | ---- | C] () -- C:\Users\***\***.pdf
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.08.07 23:03:33 | 000,011,815 | ---- | C] () -- C:\Users\***\***_***_***.pdf
[2012.08.07 21:46:23 | 000,013,057 | ---- | C] () -- C:\Users\***\***_***_***.pdf
[2012.08.07 21:44:16 | 000,005,847 | ---- | C] () -- C:\Users\***\*** *** ***.pdf
[2012.08.07 21:43:18 | 000,011,355 | ---- | C] () -- C:\Users\***\***_***_***.pdf
[2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\***\Bilder ***.pdf
[2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\***\BILD1178.JPG
[2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\***\BILD1176.JPG
[2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\***\BILD1177.JPG
[2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\***\BILD1179.JPG
[2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\***\BILD1181.JPG
[2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\***\BILD1182.JPG
[2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\***\BILD1180.JPG
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\***\***.pdf
[2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp
[2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp
[2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat
[2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\***\***_kl.gif
[2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\***\***.jpg
[2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\***\***. 1.jpg
[2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\***\E-Porto Journal.pdf
[2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.05 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.21 22:27:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AntiBrowserSpy 2009
[2010.08.11 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avanquest
[2011.08.02 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avery
[2010.11.19 17:53:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2013.01.15 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2011.11.26 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.13 01:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.16 17:53:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free PDF to Word Converter
[2011.07.13 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2012.11.28 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.07.07 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.11.02 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2010.05.10 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.06.17 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2012.04.02 13:57:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2010.01.27 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogoMaker
[2011.05.12 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2011.05.12 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.04.04 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2010.03.25 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SAD_OffV10
[2010.03.02 23:21:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus
[2012.01.16 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart PDF Converter
[2010.08.17 23:04:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2012.01.21 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland
[2010.10.20 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWiSH Max3
[2010.11.17 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWiSH Max4
[2012.12.09 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWiSH Max4 DEU
[2011.09.26 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.01.25 19:54:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.06.17 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.07.20 10:26:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2010.03.05 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2010.12.17 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.03.14 19:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\***
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 833 bytes -> C:\Users\***\Documents\***.eml:OECustomProperty
@Alternate Data Stream - 685 bytes -> C:\Users\***\Documents\Re ***.eml:OECustomProperty
@Alternate Data Stream - 1013 bytes -> C:\Users\***\Documents\***.de.eml:OECustomProperty
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-02-01 18:11:49
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kfkdaaog.sys
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823
---- EOF - GMER 2.0 ----
|
|
01.02.2013, 18:46
| #2 |
| /// Helfer-Team  | Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic Warum machst du hier nicht weiter?
__________________
__________________ |
|
04.02.2013, 19:47
| #3 |
| | Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic Hallo t´john,
__________________ich weiß leider nicht was du genau meinst? Wo soll ich weitermachen und mit was? BfG Kathy |
|
05.02.2013, 03:39
| #4 |
| /// Helfer-Team | Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic Sorry, Links vergessen: http://www.trojaner-board.de/130017-...ml#post1001041 Oder ist das ein anderer Rechner? |
|
05.04.2013, 07:29
| #5 |
| /// Helfer-Team | Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic |
| abelssoft, adobe, avp.exe, bho, bonjour, defender, error, firefox, format, ftp, heur, heur:trojan.script.generic, heur:trojan.script.generic:kaspersky:trojaner:mozilla firefox:, home, homepage, hotkey.sys, kaspersky, kis, launch, logfile, mozilla, nodrives, plug-in, programm, realtek, registry, scan, security, senden, software, tastatur, trojan.script.generic, trojanisches programm, usb, vista |
Linear-Darstellung
