Log analysis and evaluation: Email attachment opened! (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.02.2013, 23:46 | #16
I've opened it up now. The ones I haven't labelled were, I think, already on the system as delivered, i.e. from the purchase date. They don't bother me if they stay on. Is that OK like this?
20.02.2013, 18:00 | #17
/// Malware-holic | Where is the revised list?
20.02.2013, 23:45 | #18
Revised!? I did tell you that the programs without an entry were there from the start. Or do you want me to write something in for all of them?
21.02.2013, 17:57 | #19
/// Malware-holic | But there is no revised list here. I wanted you to separate the "needed" mark from the program version, because it is all mashed together like that and hard to read.
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above.
If you would like to support us
22.02.2013, 11:12 | #20
Code:
Adobe Flash Player 11 Plugin - NEEDED
Adobe Reader XI (11.0.01) - Deutsch - NEEDED
Alps Pointing-device for VAIO
ArcSoft WebCam Companion 3
Bing-Desktop - unnecessary
CCleaner - NEEDED
CDBurnerXP - NEEDED
ChatON Alarm - NEEDED
Corel WinDVD - NEEDED
EPSON Scan - NEEDED
EPSON-Drucker-Software - NEEDED
Google Chrome - NEEDED
Google Toolbar for Internet Explorer - UNNECESSARY
Intel(R) PROSet/Wireless WiFi-Software
Intel(R) Turbo Boost Technology Driver
Intel® Matrix Storage Manager
IZArc 4.1.7 - NEEDED
Java 7 Update 15 - NEEDED
Kaspersky Internet Security 2013 - NEEDED
KeyScrambler - NEEDED
Malwarebytes Anti-Malware - NEEDED
Microsoft .NET Framework 4 Client Profile - NEEDED
Microsoft .NET Framework 4 Client Profile DEU Language Pack - NEEDED
Microsoft Office File Validation Add-In - NEEDED
Microsoft Office Live Add-in 1.5 - NEEDED
Microsoft Office Professional Plus 2007 - NEEDED
Microsoft Silverlight - NEEDED
Microsoft SQL Server 2005 Compact Edition [ENU]
MozBackup 1.5.1 - NEEDED
Mozilla Firefox 19.0 (x86 de) - NEEDED
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec - unknown
NVIDIA Drivers
Panda USB Vaccine 1.0.1.4 - NEEDED
Realtek High Definition Audio Driver
Roxio Easy Media Creator 10 LJ
Samsung Kies - NEEDED
SAMSUNG USB Driver for Mobile Phones - NEEDED
Setting Utility Series Sony Corporation
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Energie Verwaltung
VAIO Event Service
VAIO Gate
vAIO Gate Default
VAIO Marketing Tools
VAIO Premium Partners
VAIO screensaver
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VAIO Window Organizer
VAIO-Support für Übertragungen
VLC media player 2.0.5
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth
Windows Driver Package - Broadcom HIDClass
Windows Live Anmelde-Assistent
Windows Live Essentials
Windows Live Sync
Windows Live-Uploadtool

Ciao Roberto
25.02.2013, 18:27 | #21
/// Malware-holic | Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download the latest version and install it.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select "All files".
Internet: everything here should be disabled. It is very unsafe to open PDFs automatically, download them, etc. It is always better to save them directly, because only then do you have control over what is going on on the PC.
JavaScript: remove the tick from "Enable Acrobat JavaScript".
Updater: choose "Automatically install updates".
Apply / OK.

Uninstall: Bing, Google Toolbar, MyFreeCodec.
Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
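The Adobe Reader settings in the post above are changed through the preferences dialog, which gives no way to confirm afterwards that they stuck, or to check them on another user profile. The PowerShell script below is an added example, not part of the thread and not Adobe's own tooling: it reads the HKCU preference values that the Reader XI dialog writes and reports each as OK, WEAK or NOT SET, and with -Fix writes the safe value. The sub-key and value names (JSPrefs\bEnableJS, TrustManager\bEnhancedSecurityStandalone, TrustManager\bEnhancedSecurityInBrowser, Privileged\bProtectedMode, Originals\bBrowserIntegration) follow Adobe's preference reference for Reader XI and are an assumption to verify against the installed version. A preference that has never been changed from its default is absent from the registry; the script reports that as NOT SET instead of guessing the default.

```powershell
# Added example (not from the thread or from Adobe): audit the Adobe Reader
# preferences set through the GUI in the post above by reading the registry
# values that dialog writes. Key and value names are assumptions taken from
# Adobe's preference reference for Reader XI; pass -Version for other releases.
param(
    [string]$Version = '11.0',
    [switch]$Fix
)

$base = "HKCU:\Software\Adobe\Acrobat Reader\$Version"

# Each check: sub-key, DWORD value name, the value treated as safe, GUI label.
$checks = @(
    @{ Key = 'JSPrefs';      Name = 'bEnableJS';                   Safe = 0; Label = 'JavaScript: Enable Acrobat JavaScript (off)' },
    @{ Key = 'TrustManager'; Name = 'bEnhancedSecurityStandalone'; Safe = 1; Label = 'Security (Enhanced): Enhanced Security, standalone' },
    @{ Key = 'TrustManager'; Name = 'bEnhancedSecurityInBrowser';  Safe = 1; Label = 'Security (Enhanced): Enhanced Security, in browser' },
    @{ Key = 'Privileged';   Name = 'bProtectedMode';              Safe = 1; Label = 'Security (Enhanced): Protected Mode at startup' },
    @{ Key = 'Originals';    Name = 'bBrowserIntegration';         Safe = 0; Label = 'Internet: Display PDF in browser (off)' }
)

$results = foreach ($c in $checks) {
    $path = Join-Path $base $c.Key
    $current = $null
    if (Test-Path $path) {
        $current = (Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    }
    # A missing value means Reader's built-in default applies: report it, do not guess it.
    $status = if ($null -eq $current) { 'NOT SET' } elseif ($current -eq $c.Safe) { 'OK' } else { 'WEAK' }

    if ($Fix -and $status -ne 'OK') {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $c.Name -PropertyType DWord -Value $c.Safe -Force | Out-Null
        $status = 'FIXED'
    }

    [pscustomobject]@{ Setting = $c.Label; Value = $c.Name; Current = $current; Safe = $c.Safe; Status = $status }
}

$results | Format-Table -AutoSize
```

Run it as the user whose Reader profile is in question, since the values live under HKCU. It audits one profile only; enforcing the same settings for every user on the machine is what Adobe's documented FeatureLockDown policy keys under HKLM are for, and this script does not touch those.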
25.02.2013, 22:12 | #22
Did everything up to AdwCleaner. I didn't know whether you had made a typo. In AdwCleaner I clicked Search. This is what came out.
Code:
# AdwCleaner v2.113 - File created 25/02/2013 at 21:58:35
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Juve1 - JUVE1-VAIO
# Boot mode : Normal
# Running from : C:\Users\Juve1\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\searchplugins\11-suche.xml
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Juve1\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\Juve1\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (de)

File : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2137 octets] - [25/02/2013 21:58:35]
AdwCleaner[S1].txt - [335 octets] - [25/02/2013 21:57:53]

########## EOF - C:\AdwCleaner[R1].txt - [2256 octets] ##########
25.02.2013, 22:16 | #23
/// Malware-holic | Yes, press Delete.
25.02.2013, 22:21 | #24
OK, I pressed Delete.
Code:
# AdwCleaner v2.113 - File created 25/02/2013 at 22:17:55
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Juve1 - JUVE1-VAIO
# Boot mode : Normal
# Running from : C:\Users\Juve1\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\searchplugins\11-suche.xml
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Juve1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Juve1\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (de)

File : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2323 octets] - [25/02/2013 21:58:35]
AdwCleaner[R2].txt - [2383 octets] - [25/02/2013 22:17:45]
AdwCleaner[S1].txt - [335 octets] - [25/02/2013 21:57:53]
AdwCleaner[S2].txt - [2318 octets] - [25/02/2013 22:17:55]

########## EOF - C:\AdwCleaner[S2].txt - [2378 octets] ##########
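The two AdwCleaner runs above (Search, then Delete) are worth checking mechanically rather than by eye: every item the [R] log reports as found should appear as deleted in the [S] log, and a Firefox extension whose HKLM registration was removed should be rechecked in the profile's prefs.js, because the registry value only tells Firefox where to find the extension and does not by itself disable it. The Python script below is an added example, not part of the thread and not AdwCleaner's code: it parses both logs (accepting AdwCleaner's German labels as posted and the English labels of the same version), lists found items that were never reported deleted, and decodes an extensions.enabledAddons value in the URL-encoded form OTL prints later in the thread to flag removed extensions that are still enabled. The embedded logs are constructed, abbreviated copies of the ones above, and the delete log deliberately omits one CLSID key so the miss shows up; the enabledAddons value is likewise constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample logs, abbreviated from the AdwCleaner [R1] (search) and
# [S2] (delete) logs posted above. The search log keeps the German labels as
# posted, the delete log uses the English labels of the same version, so both
# spellings are exercised. The CLSID key {826D7151-...} is deliberately left
# out of the delete log to show how a missed item is reported.
SEARCH_LOG = r"""
# AdwCleaner v2.113 - Datei am 25/02/2013 um 21:58:35 erstellt
# Option [Suche]

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\searchplugins\11-suche.xml
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Juve1\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
"""

DELETE_LOG = r"""
# AdwCleaner v2.113 - File created 25/02/2013 at 22:17:55
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\searchplugins\11-suche.xml
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Juve1\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
"""

# Constructed extensions.enabledAddons value, URL-encoded as OTL prints it
# (in the real prefs.js the id:version entries are joined by commas).
OTL_ENABLED_ADDONS = ("%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9,"
                      "keyscrambler%40qfx.software.corporation:2.9.3.0")

# AdwCleaner v2 item lines read "<kind> <status> : <target>" in the German and English builds.
ITEM_RE = re.compile(
    r"^(?P<kind>Datei|Ordner|Schlüssel|Wert|File|Folder|Key|Value)\s+"
    r"(?P<status>Gefunden|Gelöscht|Found|Deleted)\s*:\s*(?P<target>.+?)\s*$",
    re.IGNORECASE,
)
KIND = {"datei": "file", "ordner": "folder", "schlüssel": "key", "wert": "value",
        "file": "file", "folder": "folder", "key": "key", "value": "value"}
STATUS = {"gefunden": "found", "gelöscht": "deleted", "found": "found", "deleted": "deleted"}
FF_EXT_ID_RE = re.compile(r"\[(\{[0-9a-f-]{36}\})\]\s*$", re.IGNORECASE)


def log_option(log_text):
    """Run mode from the '# Option [...]' header (Suche/Search or Löschen/Delete)."""
    m = re.search(r"^# Option \[(\w+)\]", log_text, re.MULTILINE)
    return m.group(1) if m else None


def parse_items(log_text):
    """(kind, status, target) triples for every item line in an AdwCleaner log."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((KIND[m.group("kind").lower()],
                          STATUS[m.group("status").lower()],
                          m.group("target")))
    return items


def undeleted(search_log, delete_log):
    """Items the search run found that the delete run never reported as deleted.
    Targets are compared case-insensitively: NTFS and registry paths are
    case-insensitive and AdwCleaner does not always print them identically."""
    found = {(k, t.lower()) for k, s, t in parse_items(search_log) if s == "found"}
    deleted = {(k, t.lower()) for k, s, t in parse_items(delete_log) if s == "deleted"}
    return sorted(found - deleted)


def removed_firefox_extension_ids(delete_log):
    """Lower-cased extension ids from deleted ...\\Mozilla\\Firefox\\extensions values."""
    ids = set()
    for kind, status, target in parse_items(delete_log):
        if kind == "value" and status == "deleted" and "mozilla\\firefox\\extensions" in target.lower():
            m = FF_EXT_ID_RE.search(target)
            if m:
                ids.add(m.group(1).lower())
    return ids


def enabled_addons(prefs_value):
    """Decode an extensions.enabledAddons pref (URL-encoded 'id:version' entries) into {id: version}."""
    result = {}
    for entry in re.split(r"[,\n]", unquote(prefs_value)):
        entry = entry.strip()
        if ":" in entry:
            addon_id, version = entry.rsplit(":", 1)
            result[addon_id.lower()] = version
    return result


def still_enabled(delete_log, prefs_value):
    """Extensions whose registry registration was deleted but which prefs.js still lists as enabled."""
    enabled = enabled_addons(prefs_value)
    return sorted(i for i in removed_firefox_extension_ids(delete_log) if i in enabled)


if __name__ == "__main__":
    print("search run:", log_option(SEARCH_LOG), "| delete run:", log_option(DELETE_LOG))
    for kind, target in undeleted(SEARCH_LOG, DELETE_LOG):
        print("NOT DELETED:", kind, target)
    for ext in still_enabled(DELETE_LOG, OTL_ENABLED_ADDONS):
        print("registry value removed but still enabled in prefs.js:", ext)
```

An item that shows up as not deleted usually means a running process recreated it between the two runs, so the fix is a reboot and another Delete run, not a manual registry edit. A still-enabled extension id is the prompt to remove it from the profile itself (Firefox's add-ons manager or the extensions folder), since clearing the HKLM value alone leaves the add-on loaded.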
25.02.2013, 22:42 | #25
/// Malware-holic | Adware. HitmanPro - Download - Filepony. Please download HitmanPro, double-click it, Licence, trial licence. Click Scan, delete nothing. Click Next, export the log as XML and post it, or zip it and attach it.
25.02.2013, 23:06 | #26
Here is the log.
Code:
HitmanPro 3.7.2.189
www.hitmanpro.com

   Computer name . . . . : JUVE1-VAIO
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Juve1-VAIO\Juve1
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-02-25 22:56:39
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 30s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 109

   Objects scanned . . . : 1.516.967
   Files scanned . . . . : 26.682
   Remnants scanned . . : 492.161 files / 998.124 keys

Cookies _____________________________________________________________________

   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.betradar.com
   C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:247realmedia.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.124-template.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.360yield.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.adc-serv.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.adnet.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.adserver01.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.movad.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ad.zanox.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adbrite.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ads.ad4game.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ads.p161.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ads.rcs.it
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adserver.adworxs.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adserver.directcorp.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adtech.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adtechus.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:advertising.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:adverts.creativemark.co.uk
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:apmebf.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ar.atwola.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:at.atwola.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:atdmt.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:atwola.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:barilla.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:burstnet.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:c1.atdmt.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:casalemedia.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:citronitalia.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:collective-media.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:de.sitestat.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:deutschepostag.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:doubleclick.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:emjcd.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:facileit.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:fastclick.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:guj.122.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:in.getclicky.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:invitemedia.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:kabelbw.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:kaspersky.122.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:kontera.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:media6degrees.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:mediaplex.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:mm.chitika.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:oracle.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:overture.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:paypal.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:peugeot2.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:pg2.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:questionmarket.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:realmedia.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:revsci.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ru4.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:samsung3.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:secure.img-cdn.mediaplex.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:serving-sys.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:smartadserver.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:sonyeurope.112.2o7.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:sonypictures.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:specificclick.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:stat.dealtime.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:statcounter.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:stats.betradar.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:stats.computecmedia.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:stats.paypal.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:swatch.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:track.adform.net
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:track.effiliation.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:track.hubrus.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:track.webstatistik-bw.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:tradedoubler.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:tribalfusion.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:turkishairlines3.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:vodafoneit.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:weboramaitdata.solution.weborama.fr
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:www.etracker.de
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:www6.smartadserver.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:xiti.com
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:yadro.ru
   C:\Users\Juve1\AppData\Roaming\Mozilla\Firefox\Profiles\p1d0emrt.default\cookies.sqlite:yieldmanager.net

And now?
25.02.2013, 23:20 | #27
/// Malware-holic | That's OK. New OTL log, please.
26.02.2013, 16:26 | #28
I made the log following http://www.trojaner-board.de/85104-o...-oldtimer.html. Here it is.
Code:
OTL logfile created on: 26.02.2013 15:39:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juve1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,15% Memory free
7,84 Gb Paging File | 5,66 Gb Available in Paging File | 72,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 459,55 Gb Total Space | 357,92 Gb Free Space | 77,88% Space Free | Partition Type: NTFS

Computer Name: JUVE1-VAIO | User Name: Juve1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Juve1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL ()

========== Services (SafeList) ==========

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{49802374-3D82-4AA2-9084-2831FD53CB1D}: "URL" = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{DF9553EE-4F9F-47D9-9F35-2426AD424BFC}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{E89D0315-8952-4E2E-A5AE-722E13B62142}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{F810C698-9431-429B-AF9A-68C3C449F7F0}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.tuttosport.com/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: keyscrambler%40qfx.software.corporation:2.9.3.0
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.ftp:
"93.57.100.228" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "93.57.100.228" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "93.57.100.228" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "93.57.100.228" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.01.19 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.19 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.01.19 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.01.19 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.01.19 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:32:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:32:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.18 23:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juve1\AppData\Roaming\mozilla\Extensions [2013.02.24 14:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions [2013.01.30 18:34:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.02.24 14:51:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.17 23:00:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions\foxyproxy@eric.h.jung [2013.01.18 23:59:00 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions\ich@maltegoetz.de [2013.01.19 00:07:44 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Juve1\AppData\Roaming\mozilla\Firefox\Profiles\p1d0emrt.default\extensions\keyscrambler@qfx.software.corporation [2013.02.10 08:59:33 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\extensions\stealthyextension@gmail.com.xpi [2012.12.15 18:19:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.24 19:20:44 | 000,002,273 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\englische-ergebnisse.xml [2013.01.24 
19:20:44 | 000,010,563 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\gmx-suche.xml [2013.01.24 19:20:44 | 000,002,432 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\lastminute.xml [2013.01.24 19:20:44 | 000,005,545 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\webde-suche.xml [2013.02.20 10:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 00:07:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.02.20 10:32:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.tuttosport.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: 
suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.tuttosport.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for 
Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Docs = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: HTTPS Everywhere = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.1.18_0\ CHR - Extension: AdBlock = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR 
- Extension: Virtuelle Tastatur = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Ghostery = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\ CHR - Extension: Google Mail = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Juve1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [ChatON Alarm] C:\Program Files (x86)\Samsung\ChatON\ChatON Alarm File not found O4 - HKCU..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFE.EXE /FU "C:\Windows\TEMP\E_S5450.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\Juve1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24865046-379A-4788-8CD7-4FE6D4D7474C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB8C9484-BDD0-485F-9085-847F9BF303D0}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - 
C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 15:38:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Juve1\Desktop\OTL.exe [2013.02.25 22:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.02.25 22:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.02.25 22:54:37 | 009,511,456 | ---- | C] (SurfRight B.V.) 
< End of report > OK so? |
26.02.2013, 20:55 | #29 |
/// Malware-holic | Email attachment opened! Hi, OTL fix: Fix with OTL
Code:
:OTL
IE - HKCU\..\SearchScopes\{DF9553EE-4F9F-47D9-9F35-2426AD424BFC}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{F810C698-9431-429B-AF9A-68C3C449F7F0}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
[2013.01.24 19:20:44 | 000,010,563 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\gmx-suche.xml
[2013.01.24 19:20:44 | 000,005,545 | ---- | M] () -- C:\Users\Juve1\AppData\Roaming\mozilla\firefox\profiles\p1d0emrt.default\searchplugins\webde-suche.xml
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found
O4 - HKCU..\Run: [ChatON Alarm] C:\Program Files (x86)\Samsung\ChatON\ChatON Alarm File not found
O4 - HKCU..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFE.EXE /FU "C:\Windows\TEMP\E_S5450.tmp" /EF "HKCU" File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
:files
:Commands
[emptytemp]
Please restart. Test all browsers (Firefox, Internet Explorer, Chrome) for redirects, unwanted toolbars etc., and also test how the PC and programs run in general.
|
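To make visible what a fix script like the one above actually touches, here is an added example (not from the thread, the helper, or the OTL tool): a small Python parser that reads lines in OTL fix-script format and reports, per entry, which kind of browser or autostart item it targets and whether OTL had already marked the target as missing. The sample script inside is a constructed excerpt in that format, built from a few entries of the helper's post.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL fix-script format (a few entries from the helper's
# post, not the whole script), used to show what each line targets.
SAMPLE_FIX = r"""
:OTL
IE - HKCU\..\SearchScopes\{DF9553EE-4F9F-47D9-9F35-2426AD424BFC}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O4 - HKCU..\Run: [ChatON Alarm] C:\Program Files (x86)\Samsung\ChatON\ChatON Alarm File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
:Commands
[emptytemp]
"""

# Phrases OTL appends when an entry points at a file or CLSID that no longer
# exists: such an entry is a dead reference, not running code.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Key error")

# OTL line prefixes and the kind of browser/autostart item each one controls.
KINDS = {
    "IE": "IE search scope (search provider URL)",
    "O2": "Browser Helper Object (IE add-on DLL)",
    "O4": "autostart entry (Run key)",
    "O8": "IE context-menu entry",
    "O9": "IE extra button / Tools menu item",
}

@dataclass
class Entry:
    section: str    # fix-script section, e.g. "otl" or "commands"
    kind: str       # human-readable item type from KINDS
    ident: str      # CLSID, Run-key value name, search URL or OTL command
    orphaned: bool  # True when OTL already marked the target as missing

def parse_otl_fix(text):
    """Return one Entry per actionable line of an OTL fix script."""
    entries, section = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):            # :OTL, :files, :Commands
            section = line[1:].lower()
            continue
        if section == "commands":
            entries.append(Entry(section, "OTL command", line.strip("[]"), False))
            continue
        if section != "otl":                # :files paths etc. are not classified here
            continue
        # "O2:64bit: - BHO" and "O2 - BHO" both reduce to the prefix "O2".
        prefix = line.split(" ", 1)[0].split(":", 1)[0]
        if prefix == "IE":
            m = re.search(r'"URL"\s*=\s*(\S+)', line)
        elif prefix == "O4":
            m = re.search(r"\[([^\]]+)\]", line)
        else:
            m = re.search(r"\{[0-9A-Fa-f-]{36}\}", line)   # a CLSID, if present
        ident = m.group(m.lastindex or 0) if m else line   # captured group or whole match
        orphaned = any(marker in line for marker in ORPHAN_MARKERS)
        entries.append(Entry(section, KINDS.get(prefix, "other OTL line"), ident, orphaned))
    return entries

if __name__ == "__main__":
    for e in parse_otl_fix(SAMPLE_FIX):
        print(f"{e.kind:40} {e.ident:45} {'dead reference' if e.orphaned else 'live'}")
```

Run against the full script from the post, the output shows that most of the targeted items are leftovers of uninstalled software (marked "File not found") rather than active components, which is why removing them is safe.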
26.02.2013, 21:56 | #30 |
| Email attachment opened! Thanks markusb, but what is going to be fixed then? I still haven't understood what my problem actually is. And what does this mean?: "Please restart. Test all browsers (Firefox, Internet Explorer, Chrome) for redirects, unwanted toolbars etc., and also test how the PC and programs run in general"? Could it be that something won't work after the fix? I'm totally lost now. Last edited by Roberto1 (26.02.2013 at 22:06) |