Log analysis and evaluation: Problem with "Coupondropdown and ism.sitescout.com popups" (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.07.2013, 18:52 | #16 |
/// the machine /// TB trainer
We'll discuss that at the end. What about ESET and Securitycheck?

Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!
24.07.2013, 09:17 | #17 |
Hello Schrauber,
since the run took several hours after all, here is the result only now: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f14d3ef26b40984689d45372d4870e43
# engine=14506
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 11:59:14
# local_time=2013-07-24 01:59:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=772 16777214 66 1 19369900 19369900 0 0
# compatibility_mode=1286 16777214 100 97 33857 29390276 0 0
# compatibility_mode=1799 16775165 100 94 34478 435565 27180 0
# compatibility_mode=5892 16776574 100 100 577430 212147860 0 0
# compatibility_mode=7937 16777214 0 25 493856 493856 0 0
# scanned=509394
# found=17
# cleaned=0
# scan_time=21494
sh=C7481AE720E6FB6275F18D6ED61CA300EFF9530E ft=1 fh=030a4e4367b2c59e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Users\Ecksperts\Desktop\Desktop\mcafee_license_key.exe"
sh=F99AE8A70F63F28DC0F8A9A7EAF154134B48FB9D ft=1 fh=a4540d858353947e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Users\Ecksperts\Desktop\Desktop\SpyHunter_4.1.11(1).exe"
sh=F99AE8A70F63F28DC0F8A9A7EAF154134B48FB9D ft=1 fh=a4540d858353947e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Users\Ecksperts\Desktop\Desktop\SpyHunter_4.1.11.exe"
sh=C7481AE720E6FB6275F18D6ED61CA300EFF9530E ft=1 fh=030a4e4367b2c59e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Windows.old\Documents and Settings\Ecksperts\Desktop\Desktop\mcafee_license_key.exe"
sh=F99AE8A70F63F28DC0F8A9A7EAF154134B48FB9D ft=1 fh=a4540d858353947e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Windows.old\Documents and Settings\Ecksperts\Desktop\Desktop\SpyHunter_4.1.11(1).exe"
sh=F99AE8A70F63F28DC0F8A9A7EAF154134B48FB9D ft=1 fh=a4540d858353947e vn="Win32/Adware.1ClickDownload.AK application" ac=I fn="C:\Windows.old\Documents and Settings\Ecksperts\Desktop\Desktop\SpyHunter_4.1.11.exe"
sh=4E87476DC084C0FD24240ED0540A5A2B77551FF3 ft=1 fh=d730a63e5b652eb9 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Windows.old\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll"
sh=0955A3A5465381C41719AA6C1A3027A0AE343143 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Windows.old\Users\Uwe\AppData\Local\Temp\YontooFFClient.xpi"
sh=ED03AD164DE87942BCB227C5CB3A26B6BEC6EBCB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows.old\Users\Uwe\AppData\Local\Temp\YontooLayers.crx"
sh=7CFFEE92A41D4F4AE97DC7505A543F41F1556979 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Windows.old\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\6hx7yn58.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=0955A3A5465381C41719AA6C1A3027A0AE343143 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="J:\Desktop\Uwe\AppData\Local\Temp\YontooFFClient.xpi"
sh=F180DEFA96A16DA39C7989A35BF5631B59C3DBBB ft=1 fh=bf6c06fa3ebb6603 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="J:\Desktop\Uwe\AppData\Local\Temp\YontooIEClient.dll"
sh=ED03AD164DE87942BCB227C5CB3A26B6BEC6EBCB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\Desktop\Uwe\AppData\Local\Temp\YontooLayers.crx"
sh=48CB2EBFF1265B8A0FF062B028687819E7E293FB ft=1 fh=fdf0030b74fb0e4c vn="Win32/Adware.Yontoo application" ac=I fn="J:\Desktop\Uwe\AppData\Local\Temp\YontooSetup-Silent.exe"
sh=B8D75ECF55E0AB9BA99526620DD2B457A19E622E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\Desktop\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2e16e737-25e7fcdb"
sh=7CFFEE92A41D4F4AE97DC7505A543F41F1556979 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="J:\Desktop\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\6hx7yn58.default\extensions\plugin@yontoo.com\content\overlay.js"

Here now is the result of the "Security Check" run: Code:
Results of screen317's Security Check version 0.99.70
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Kaspersky Internet Security
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities Language Pack (de-DE)
Wise Registry Cleaner 7.71
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Ecksperts
24.07.2013, 11:40 | #18 |
/// the machine /// TB trainer
Delete all ESET finds on the Desktop and on J. Delete the Windows.old folder.

Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.

Please download Farbar Service Scanner
Please post the content here.
24.07.2013, 13:01 | #19 |
Hello Schrauber, here is the result of the run: Code:
Farbar Service Scanner Version: 13-07-2013
Ran by Ecksperts (administrator) on 24-07-2013 at 13:58:05
Running from "C:\Users\Ecksperts\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll [2012-02-02 11:48] - [2012-02-02 11:48] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll [2012-02-04 00:50] - [2012-02-04 00:50] - 0224256 ____A (Microsoft Corporation) 3A0427F35E7F8C16BBC5B1BE32B8DE76
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Ecksperts
24.07.2013, 14:44 | #20 |
/// the machine /// TB trainer
Download and run http://download.bleepingcomputer.com...sta/wscsvc.reg, and allow it. Restart the computer, then a fresh FSS log and FRST log please.

Regards, schrauber
24.07.2013, 15:08 | #21 |
Here is the fresh FSS log: Code:
Farbar Service Scanner Version: 13-07-2013
Ran by Ecksperts (administrator) on 24-07-2013 at 15:58:18
Running from "C:\Users\Ecksperts\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll [2012-02-02 11:48] - [2012-02-02 11:48] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll [2012-02-04 00:50] - [2012-02-04 00:50] - 0224256 ____A (Microsoft Corporation) 3A0427F35E7F8C16BBC5B1BE32B8DE76
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

FRST Logfile: Code:
C:\Windows\system32\config\DEFAULT.rhk 2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk 2013-07-13 19:00 - 2013-07-13 19:03 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk 2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk 2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 12:46 - 2013-07-12 13:11 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4) 2013-07-07 06:31 - 2013-07-07 06:33 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS 2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt 2013-07-05 20:17 - 2013-07-05 20:18 - 00003832 _____ C:\AdwCleaner[R14].txt 2013-07-01 21:59 - 2013-07-01 22:00 - 00003844 _____ C:\AdwCleaner[S13].txt 2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt 2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt 2013-06-30 18:34 - 2013-06-30 18:35 - 00003301 _____ C:\AdwCleaner[R12].txt 2013-06-30 12:06 - 2013-06-30 12:12 - 00010792 _____ C:\AdwCleaner[S11].txt 2013-06-30 12:04 - 2013-06-30 12:05 - 00010846 _____ C:\AdwCleaner[R11].txt 2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail 2013-06-26 10:47 - 2013-06-26 11:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-26 10:47 - 2013-06-26 11:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-26 08:48 - 2013-07-11 21:00 - 00000394 _____ C:\Windows\Tasks\RegTask.job 2013-06-26 08:48 - 2013-06-26 10:28 - 00000000 ____D C:\Program Files (x86)\RegTask 2013-06-26 08:48 - 2013-06-26 10:27 - 00000000 ____D C:\ProgramData\RegTask 2013-06-26 08:48 - 2013-06-26 10:11 - 00003602 _____ C:\Windows\System32\Tasks\RegTask 2013-06-25 20:06 - 2013-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\mozilla firefox ==================== One Month Modified 
Files and Folders ======= 2013-07-24 15:56 - 2013-07-18 08:52 - 00255225 _____ C:\Windows\WindowsUpdate.log 2013-07-24 15:54 - 2012-02-02 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-24 15:52 - 2013-05-26 11:59 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Wise Care 365 2013-07-24 15:50 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-24 15:50 - 2006-11-02 17:22 - 00003264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-24 13:49 - 2013-07-18 08:48 - 00083172 _____ C:\Windows\PFRO.log 2013-07-22 16:05 - 2013-07-22 16:04 - 00003591 _____ C:\AdwCleaner[S20].txt 2013-07-22 16:05 - 2013-02-24 13:01 - 00022480 _____ C:\Windows\DeleteOnReboot.bat 2013-07-22 16:04 - 2013-07-22 16:04 - 00003474 _____ C:\AdwCleaner[R20].txt 2013-07-22 16:03 - 2013-07-22 16:03 - 00666633 _____ C:\Users\Ecksperts\Desktop\adwcleaner.exe 2013-07-22 15:48 - 2013-07-22 15:48 - 00000000 ____D C:\Windows\ERUNT 2013-07-22 01:10 - 2013-07-22 01:10 - 00004501 _____ C:\AdwCleaner[S19].txt 2013-07-22 01:09 - 2013-07-22 01:08 - 00004288 _____ C:\AdwCleaner[R19].txt 2013-07-21 22:44 - 2013-07-21 22:44 - 00004184 _____ C:\AdwCleaner[S18].txt 2013-07-21 22:43 - 2013-07-21 22:43 - 00004007 _____ C:\AdwCleaner[R18].txt 2013-07-21 16:40 - 2013-07-21 16:37 - 00000162 _____ C:\Windows\Reimage.ini 2013-07-21 16:19 - 2012-02-02 11:49 - 00109816 _____ C:\Users\ECKSPE~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-21 16:14 - 2006-11-02 17:21 - 00400320 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-21 00:36 - 2013-07-21 00:36 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Panasonic 2013-07-21 00:36 - 2013-07-21 00:33 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Lumix Bildbearbeitg 2013-07-21 00:36 - 2012-02-04 17:11 - 00000888 _____ C:\Windows\BRWMARK.INI 2013-07-21 00:32 - 2013-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ISL 
2013-07-21 00:32 - 2012-02-03 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\Users\ECKSPE~1\AppData\Local\{B96D1B84-189C-4535-8C31-7517D6A8D074} 2013-07-21 00:31 - 2013-07-21 00:31 - 00000000 ____D C:\ProgramData\Apple Computer 2013-07-21 00:28 - 2013-07-21 00:26 - 00000000 ____D C:\Program Files (x86)\Panasonic 2013-07-20 19:45 - 2013-07-20 19:45 - 00000000 ____D C:\Users\Ecksperts\Desktop\Sergej_Hamm 2013-07-20 19:42 - 2013-07-20 19:38 - 00000000 ____D C:\Windows\system32\MRT 2013-07-19 01:35 - 2013-07-19 01:07 - 00001901 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-07-19 01:35 - 2013-07-18 01:23 - 00000000 ____D C:\ProgramData\Avira 2013-07-19 01:16 - 2013-07-19 01:16 - 00004437 _____ C:\AdwCleaner[S17].txt 2013-07-19 01:15 - 2013-07-19 01:14 - 00004224 _____ C:\AdwCleaner[R17].txt 2013-07-19 01:11 - 2013-07-19 01:11 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\Avira 2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-19 01:01 - 2013-07-19 01:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-07-19 01:01 - 2013-07-19 01:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-07-19 01:01 - 2013-07-19 01:06 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-18 08:48 - 2013-07-17 22:11 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-07-18 01:58 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-18 01:57 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-17 22:12 - 2013-07-17 22:12 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\FRST 2013-07-17 19:18 - 2013-05-26 15:58 - 00000420 _____ C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2013-07-17 13:30 - 2012-11-28 02:28 - 00002641 _____ C:\Users\Ecksperts\Desktop\Microsoft Word 2010.lnk 2013-07-16 21:05 - 2013-07-16 21:05 - 00003825 _____ C:\AdwCleaner[S16].txt 2013-07-16 21:05 - 2013-07-16 21:04 - 00003618 _____ C:\AdwCleaner[R16].txt 2013-07-16 21:00 - 2013-07-16 20:59 - 00005378 _____ C:\AdwCleaner[S15].txt 2013-07-16 20:59 - 2013-07-16 20:59 - 00005159 _____ C:\AdwCleaner[R15].txt 2013-07-16 20:57 - 2013-04-22 13:19 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Cleaner 2013-07-16 20:54 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files\CCleaner 2013-07-16 20:40 - 2013-06-25 20:06 - 00000000 ____D C:\Program Files (x86)\mozilla firefox 2013-07-15 12:14 - 2013-03-22 22:17 - 00000474 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job 2013-07-14 12:00 - 2013-05-26 12:06 - 00000410 _____ C:\Windows\Tasks\Wise Turbo Checker.job 2013-07-13 19:05 - 2013-07-13 19:03 - 37257216 _____ C:\Windows\system32\config\COMPONENTS.rhk 2013-07-13 19:03 - 2013-07-13 19:03 - 00180224 _____ C:\Windows\system32\config\DEFAULT.rhk 2013-07-13 19:03 - 2013-07-13 19:03 - 00057344 _____ C:\Windows\system32\config\SAM.rhk 2013-07-13 19:03 - 2013-07-13 19:00 - 65347584 _____ C:\Windows\system32\config\SOFTWARE.rhk 2013-07-13 19:00 - 2013-07-13 19:00 - 00024576 _____ C:\Windows\system32\config\SECURITY.rhk 2013-07-13 18:00 - 2012-02-02 12:28 - 00001116 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-13 14:45 - 2012-02-02 17:28 - 00000000 ___RD C:\Users\Ecksperts\Desktop\Uwe & Ildiko 2013-07-13 08:50 - 2013-07-13 08:50 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-13 08:50 - 2012-02-02 12:28 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-12 13:11 - 2013-07-12 12:46 - 00000000 ____D C:\Users\Ecksperts\Desktop\Neuer Ordner (4) 2013-07-12 12:57 - 2013-05-01 14:57 - 00000000 ____D C:\Users\Ecksperts\Desktop\Anzeigen 2013-07-12 12:54 - 2013-04-30 18:10 - 00000000 ____D C:\Users\Ecksperts\Desktop\Beckmannplatz 2013-07-12 09:18 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 01:00 - 2012-11-27 23:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 21:00 - 2013-06-26 08:48 - 00000394 _____ C:\Windows\Tasks\RegTask.job 2013-07-07 06:33 - 2013-07-07 06:31 - 00000000 __SHD C:\WISE_DISKSCRUBTEMP_NTFS 2013-07-06 18:11 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Help 2013-07-05 20:18 - 2013-07-05 20:18 - 00004033 _____ C:\AdwCleaner[S14].txt 2013-07-05 20:18 - 2013-07-05 20:17 - 00003832 _____ C:\AdwCleaner[R14].txt 2013-07-01 22:00 - 2013-07-01 21:59 - 00003844 _____ C:\AdwCleaner[S13].txt 2013-07-01 21:59 - 2013-07-01 21:59 - 00003643 _____ C:\AdwCleaner[R13].txt 2013-06-30 18:35 - 2013-06-30 18:35 - 00003513 _____ C:\AdwCleaner[S12].txt 2013-06-30 18:35 - 2013-06-30 18:34 - 00003301 _____ C:\AdwCleaner[R12].txt 2013-06-30 18:30 - 2012-02-04 12:20 - 00000000 ____D C:\Users\Ecksperts\AppData\Roaming\BOM 2013-06-30 12:12 - 2013-06-30 12:06 - 00010792 _____ C:\AdwCleaner[S11].txt 2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-06-30 12:12 - 2012-02-02 11:49 - 00000913 _____ C:\Users\Ecksperts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-06-30 12:05 - 
2013-06-30 12:04 - 00010846 _____ C:\AdwCleaner[R11].txt 2013-06-30 12:05 - 2011-06-11 02:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-06-30 12:05 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-06-26 17:18 - 2013-06-26 17:18 - 00000000 ____D C:\Program Files (x86)\IncrediMail 2013-06-26 11:10 - 2013-06-26 10:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-26 11:10 - 2013-06-26 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-26 10:28 - 2013-06-26 08:48 - 00000000 ____D C:\Program Files (x86)\RegTask 2013-06-26 10:27 - 2013-06-26 08:48 - 00000000 ____D C:\ProgramData\RegTask 2013-06-26 10:11 - 2013-06-26 08:48 - 00003602 _____ C:\Windows\System32\Tasks\RegTask 2013-06-24 00:57 - 2006-11-02 14:35 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-24 15:57 ==================== End Of Log ============================ --- --- --- Regards, Ecksperts |
24.07.2013, 16:04 | #22 |
/// the machine /// TB Trainer | Problem with "Coupondropdown and ism.sitescout.com popups" Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2013, 18:26 | #23 |
| Problem with "Coupondropdown and ism.sitescout.com popups" Hello Schrauber, I have now been on the Internet for a few minutes and at the moment everything is running smoothly!! You are simply great!!! Many thanks for your effort, and if I have a problem again, I hope I may fall back on your expert advice! So, Ecksperts says once more tha...nk you!! Best regards, Ecksperts |
25.07.2013, 07:15 | #24 |
/// the machine /// TB Trainer | Problem with "Coupondropdown and ism.sitescout.com popups" You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |