
Log analysis and evaluation: Firefox opens websites such as serve.bannersdontwork


 
09.08.2013, 10:04   #1
Takezo64

Firefox opens websites such as serve.bannersdontwork



Hi!
I have already run various scans, but a page like this still opens from time to time. I created a log with OTL. See here:

OTL logfile created on: 09.08.2013 09:37:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,14% Memory free
7,99 Gb Paging File | 5,60 Gb Available in Paging File | 70,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 317,44 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive D: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 650,80 Gb Free Space | 69,86% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 1,42 Gb Free Space | 19,02% Space Free | Partition Type: FAT32

Computer Name: TAKEZO-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\takezo\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\softLCP.exe (EnTech Taiwan)
PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NalServ) -- C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Kilgray: memoQ update permissions manager. 2595325.) -- C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware)
SRV - (NewServiceInstall1) -- C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 62 97 C7 B8 51 CB 01 [binary data]
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.selectedEngine: "GMX Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: dictionary-switcher%40design-noir.de:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.4
FF - prefs.js..extensions.enabledAddons: adonis.cuhk%40gmail.com:1.8.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.25 23:23:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions
[2012.04.14 07:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.08.09 09:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions
[2013.05.16 08:58:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.14 07:45:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\dictionary-switcher@design-noir.de
[2012.02.08 07:46:27 | 000,113,603 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\nosquint@urandom.ca.xpi
[2012.04.14 06:41:31 | 000,576,962 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\toolbar@web.de.xpi
[2011.09.16 10:45:49 | 000,688,336 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}.xpi
[2011.08.03 08:26:41 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.04.04 06:42:15 | 000,520,884 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.01.06 12:08:49 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.24 07:39:53 | 000,686,225 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.08.03 08:26:41 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2013.07.23 08:37:44 | 000,005,313 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\adonis.cuhk@gmail.com.xpi
[2013.04.28 00:21:39 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\personas@christopher.beard.xpi
[2013.07.18 09:56:26 | 000,572,343 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\toolbar@gmx.net.xpi
[2012.04.14 07:45:36 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2013.08.08 10:07:34 | 000,534,178 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.07.31 17:10:54 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.18 09:56:49 | 000,002,418 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\englische-ergebnisse.xml
[2013.07.18 09:56:48 | 000,010,701 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\gmx-suche.xml
[2013.07.18 09:56:49 | 000,002,432 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\lastminute.xml
[2013.07.18 09:56:48 | 000,005,682 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\webde-suche.xml
[2013.08.07 19:24:12 | 000,002,112 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\wot-safe-search.xml
[2013.08.08 10:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.08.08 10:16:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.22 10:27:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: AdBlock = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: vshare plugin = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Anti-Banner = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013.08.08 17:29:55 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7298A0-86C5-42B2-8D33-EEC3FF16E7A7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: NameServer = 88.214.182.2 88.214.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.05 20:46:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.10.26 17:57:29 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ]
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.09 08:58:12 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.08.09 08:58:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.08.09 08:58:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.08.09 08:58:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.08.09 08:58:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.08.09 08:58:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.08.09 08:58:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.08.08 22:02:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4472934-13D3-490F-91F3-06BB06ED576E}
[2013.08.08 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\SUPERAntiSpyware.com
[2013.08.08 16:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.08.08 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.08.08 16:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.08.08 16:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.08.08 10:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.08.08 10:02:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4FC0667-962A-4208-84A5-F969CA49C1D8}
[2013.08.07 19:20:46 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{80B10441-B6FA-4566-AAE0-B91591358283}
[2013.08.07 07:20:26 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{15256F9F-AA5D-4409-80FE-FAFE416012C4}
[2013.08.06 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{753CE5F7-B7BB-4BE3-ABCA-5810661B1B63}
[2013.08.05 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C96F3D48-CD33-4EAD-8BB9-ADFE5CE19EE7}
[2013.08.05 08:43:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3316DACA-120C-4C60-A805-78F6DDC17B1B}
[2013.08.04 13:51:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{2B98E0EC-AE07-4F57-AAFB-BFDFF4D0B435}
[2013.08.03 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{702DE7EC-33A5-4340-A349-9BAA4B66F168}
[2013.08.02 21:41:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{DB2ABF03-E7AA-4713-997C-19A058F8DE17}
[2013.08.02 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D78F6223-3E61-42C9-8262-747CC29990DB}
[2013.08.01 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{0CE53AC1-4632-43F1-8C3F-8A79F1944EF7}
[2013.08.01 07:03:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\MetaCrawler
[2013.07.31 22:01:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BC655F9A-7C8B-4BE4-9BF9-0753EC7926D2}
[2013.07.31 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A434F258-ADB5-45CA-9641-15AB2F534960}
[2013.07.30 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{78E96EFD-AA06-4F84-8716-B4970447AAAB}
[2013.07.30 10:01:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{915ED91F-3C6F-4BFA-AD76-4BE379F0E6A1}
[2013.07.29 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0FD282-7EE7-4A83-B7DF-D23F6EB7AB46}
[2013.07.29 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A91693D0-1F5B-4B67-A164-F3EF476CA29B}
[2013.07.28 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C3E3AE9F-B42B-4E3D-93D7-EDA3458D8771}
[2013.07.28 20:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.28 09:59:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{5F2DB6EC-8B50-4D10-8195-AB96F465E19A}
[2013.07.27 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{771758E0-2897-4EFD-8F1E-EFF870D9D211}
[2013.07.26 09:27:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9862934A-D660-486A-9AD4-E5DC4EF1D0A3}
[2013.07.26 09:26:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D0F2F727-BB05-4630-AD74-1B5838C11FD5}
[2013.07.25 12:58:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B6622161-2887-4AF7-A08E-C099AAD8B386}
[2013.07.25 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7E0248D8-B267-4199-A5B3-48438C3C0CE6}
[2013.07.24 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4DAA4C14-7CB8-47C2-BFF7-CEA75A1E9576}
[2013.07.24 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FA8199A9-F51C-4EBE-9E90-5F2894300926}
[2013.07.23 12:15:48 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{07B02DF8-6DF0-4159-B951-1FACFD861575}
[2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2013.07.23 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1968273A-1E71-4773-8B0A-655852490E8B}
[2013.07.22 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C1783379-5ECE-482A-A27F-939A3F1D88BA}
[2013.07.21 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EB4DD1AD-53FA-458C-BA58-A17D9EFABA16}
[2013.07.21 10:51:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A8BAFF9F-4467-497E-866F-0697B8461900}
[2013.07.20 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4047B6F4-467F-4CA3-8D69-419F1D5D52D6}
[2013.07.20 08:35:15 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CAF4FAC6-BDEF-4C17-BDB2-28D85A5DEDD4}
[2013.07.20 03:12:14 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8BC176AE-5FC4-439A-8DB0-D0DAC7AFB287}
[2013.07.19 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EF957BD3-3E1E-4BE2-9558-AEF51468B312}
[2013.07.18 21:57:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{221F18A9-D8E8-4555-BAC0-5454382F59FF}
[2013.07.18 09:57:29 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BEC545B7-31A3-4F9E-A524-01075452EA63}
[2013.07.17 10:35:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0E7070-568D-408F-AB57-6A8DF290E9E8}
[2013.07.16 22:34:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1F238BD8-DD1A-4E20-8572-A5AA6785B032}
[2013.07.16 10:34:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{512E2FAC-01D5-40B1-8C2B-CA5A440055BB}
[2013.07.15 22:34:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{50300C40-099F-4A93-8F1A-6B713346E17D}
[2013.07.15 10:34:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{72F24E69-7274-44AC-B6D1-DB51CC4FA509}
[2013.07.14 22:33:40 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C93652CE-9C6E-4E29-9090-F111BB5614F0}
[2013.07.14 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{90E4324A-44FA-498E-9114-659752AABAEC}
[2013.07.13 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8FEC541E-DEE4-4999-A914-97A2C7D30019}
[2013.07.12 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A67F1388-1546-4569-812F-3B3970480D48}
[2013.07.11 23:24:39 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4BD2E493-8A72-4B9D-BEEC-B1054C40F63E}
[2013.07.11 11:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.11 11:24:24 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CFD5D1DB-54FF-433F-9897-2BA6948FEAC1}
[2013.07.10 21:24:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1D8CBD9C-1A76-40EC-83C7-86C6DB2B5155}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.09 09:41:54 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 09:41:53 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 09:34:02 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.09 09:33:21 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.09 09:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.09 09:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.09 09:32:46 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.09 08:15:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job
[2013.08.09 07:23:33 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job
[2013.08.09 00:56:00 | 002,404,642 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.09 00:56:00 | 002,365,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.09 00:56:00 | 001,745,140 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.09 00:56:00 | 001,716,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.09 00:56:00 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.08 17:29:55 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.08.08 17:14:37 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130808-172955.backup
[2013.08.08 16:14:54 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.08.08 10:16:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.08 01:58:31 | 000,002,068 | ---- | M] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.08.08 01:58:31 | 000,001,997 | ---- | M] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk
[2013.08.07 10:58:18 | 000,046,916 | ---- | M] () -- C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf
[2013.08.01 08:00:18 | 000,000,128 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb
[2013.08.01 06:46:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.08.01 06:46:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.31 22:35:49 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.31 17:13:58 | 009,711,129 | ---- | M] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf
[2013.07.28 20:35:53 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.23 09:16:30 | 000,001,139 | ---- | M] () -- C:\Users\takezo\Desktop\System Checkup.lnk
[2013.07.23 09:16:26 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2013.07.16 17:25:39 | 000,001,138 | ---- | M] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
[2013.07.10 14:07:47 | 004,975,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.08 16:15:20 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job
[2013.08.08 16:15:18 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job
[2013.08.08 16:14:54 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.08.08 15:00:33 | 000,001,409 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.08.08 12:42:34 | 000,046,916 | ---- | C] () -- C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf
[2013.08.08 10:16:58 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.08.08 10:16:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.08 00:34:09 | 000,002,068 | ---- | C] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.08.08 00:34:09 | 000,001,997 | ---- | C] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk
[2013.08.04 14:06:34 | 009,711,129 | ---- | C] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf
[2013.08.01 08:00:17 | 000,000,128 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb
[2013.07.23 09:16:30 | 000,001,139 | ---- | C] () -- C:\Users\takezo\Desktop\System Checkup.lnk
[2013.07.23 09:16:26 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013.07.16 17:25:39 | 000,001,138 | ---- | C] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
[2013.01.25 12:44:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.14 11:19:49 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.04.12 06:21:32 | 000,017,408 | ---- | C] () -- C:\Users\takezo\AppData\Local\WebpageIcons.db
[2011.09.29 08:47:23 | 011,165,696 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.mdb
[2011.07.26 10:18:01 | 000,003,373 | ---- | C] () -- C:\Users\takezo\unigine_20110726_1017.html
[2011.01.13 12:32:58 | 000,000,058 | ---- | C] () -- C:\Users\takezo\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.09.15 16:20:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.07 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.08.30 12:08:54 | 000,000,094 | ---- | C] () -- C:\Users\takezo\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2010.06.21 03:01:44 | 000,002,903 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Songbird2\Profiles\bvlf5ubh.Aida\extensions\{183f766a-4b9b-854d-88db-62677b3d779e}\chrome\skin\mini-player\l.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >

I hope I did this correctly!

 
