Log analysis and evaluation: Firefox opens websites like serve.bannersdontwork

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Firefox opens websites like serve.bannersdontwork

Hi! I have already run various scans, but such a page still opens from time to time. I created a log with OTL. See here:

OTL logfile created on: 09.08.2013 09:37:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,14% Memory free 7,99 Gb Paging File | 5,60 Gb Available in Paging File | 70,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 317,44 Gb Free Space | 68,17% Space Free | Partition Type: NTFS Drive D: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 931,51 Gb Total Space | 650,80 Gb Free Space | 69,86% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 1,42 Gb Free Space | 19,02% Space Free | Partition Type: FAT32 Computer Name: TAKEZO-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\takezo\Downloads\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe () PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\SysWOW64\softLCP.exe (EnTech Taiwan) PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 
(Mozilla Foundation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NalServ) -- C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Kilgray: memoQ update permissions manager. 2595325.) -- C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware) SRV - (NewServiceInstall1) -- C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng () ========== Driver Services (SafeList) ========== DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan) DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\drivers\btwusb.sys (Broadcom Corporation.) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) 
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 62 97 C7 B8 51 CB 01 [binary data] IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..backup.old.browser.search.selectedEngine: "WEB.DE Suche" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..browser.search.defaultenginename: "GMX Suche" FF - prefs.js..browser.search.selectedEngine: "GMX Suche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: dictionary-switcher%40design-noir.de:1.3.2 FF - 
prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.4 FF - prefs.js..extensions.enabledAddons: adonis.cuhk%40gmail.com:1.8.6 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | 
---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.25 23:23:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions [2012.04.14 07:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles [2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions [2012.04.14 07:18:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.14 07:18:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\2020Player_IKEA@2020Technologies.com [2013.08.09 09:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions [2013.05.16 08:58:10 
| 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.14 07:45:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\dictionary-switcher@design-noir.de [2012.02.08 07:46:27 | 000,113,603 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\nosquint@urandom.ca.xpi [2012.04.14 06:41:31 | 000,576,962 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\toolbar@web.de.xpi [2011.09.16 10:45:49 | 000,688,336 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}.xpi [2011.08.03 08:26:41 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012.04.04 06:42:15 | 000,520,884 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.01.06 12:08:49 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.24 07:39:53 | 000,686,225 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011.08.03 08:26:41 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2013.07.23 08:37:44 | 000,005,313 | ---- | M] () (No name found) -- 
C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\adonis.cuhk@gmail.com.xpi [2013.04.28 00:21:39 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\personas@christopher.beard.xpi [2013.07.18 09:56:26 | 000,572,343 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\toolbar@gmx.net.xpi [2012.04.14 07:45:36 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.08.08 10:07:34 | 000,534,178 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.07.31 17:10:54 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.18 09:56:49 | 000,002,418 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\englische-ergebnisse.xml [2013.07.18 09:56:48 | 000,010,701 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\gmx-suche.xml [2013.07.18 09:56:49 | 000,002,432 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\lastminute.xml [2013.07.18 09:56:48 | 000,005,682 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\webde-suche.xml [2013.08.07 19:24:12 | 000,002,112 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\wot-safe-search.xml [2013.08.08 10:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.08.08 
10:16:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.22 10:27:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = 
C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin8.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - 
plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: AdBlock = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - 
Extension: vshare plugin = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Anti-Banner = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.08.08 17:29:55 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14938 more lines... 
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7298A0-86C5-42B2-8D33-EEC3FF16E7A7}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: NameServer = 88.214.182.2 88.214.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.04.05 20:46:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.10.26 17:57:29 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ] O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: 
(ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.09 08:58:12 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.08.09 08:58:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.08.09 08:58:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.08.09 08:58:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.08.09 08:58:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.08.09 08:58:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.08.09 08:58:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.08.08 22:02:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4472934-13D3-490F-91F3-06BB06ED576E} [2013.08.08 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\SUPERAntiSpyware.com [2013.08.08 16:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.08.08 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.08.08 16:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.08.08 16:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.08.08 10:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.08.08 10:02:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4FC0667-962A-4208-84A5-F969CA49C1D8} [2013.08.07 19:20:46 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{80B10441-B6FA-4566-AAE0-B91591358283} [2013.08.07 07:20:26 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{15256F9F-AA5D-4409-80FE-FAFE416012C4} [2013.08.06 10:04:28 | 000,000,000 | ---D | C] -- 
C:\Users\takezo\AppData\Local\{753CE5F7-B7BB-4BE3-ABCA-5810661B1B63} [2013.08.05 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C96F3D48-CD33-4EAD-8BB9-ADFE5CE19EE7} [2013.08.05 08:43:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3316DACA-120C-4C60-A805-78F6DDC17B1B} [2013.08.04 13:51:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{2B98E0EC-AE07-4F57-AAFB-BFDFF4D0B435} [2013.08.03 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{702DE7EC-33A5-4340-A349-9BAA4B66F168} [2013.08.02 21:41:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{DB2ABF03-E7AA-4713-997C-19A058F8DE17} [2013.08.02 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D78F6223-3E61-42C9-8262-747CC29990DB} [2013.08.01 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{0CE53AC1-4632-43F1-8C3F-8A79F1944EF7} [2013.08.01 07:03:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\MetaCrawler [2013.07.31 22:01:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BC655F9A-7C8B-4BE4-9BF9-0753EC7926D2} [2013.07.31 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A434F258-ADB5-45CA-9641-15AB2F534960} [2013.07.30 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{78E96EFD-AA06-4F84-8716-B4970447AAAB} [2013.07.30 10:01:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{915ED91F-3C6F-4BFA-AD76-4BE379F0E6A1} [2013.07.29 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0FD282-7EE7-4A83-B7DF-D23F6EB7AB46} [2013.07.29 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A91693D0-1F5B-4B67-A164-F3EF476CA29B} [2013.07.28 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C3E3AE9F-B42B-4E3D-93D7-EDA3458D8771} [2013.07.28 20:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.07.28 09:59:38 | 000,000,000 | ---D | C] -- 
C:\Users\takezo\AppData\Local\{5F2DB6EC-8B50-4D10-8195-AB96F465E19A} [2013.07.27 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{771758E0-2897-4EFD-8F1E-EFF870D9D211} [2013.07.26 09:27:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9862934A-D660-486A-9AD4-E5DC4EF1D0A3} [2013.07.26 09:26:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D0F2F727-BB05-4630-AD74-1B5838C11FD5} [2013.07.25 12:58:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B6622161-2887-4AF7-A08E-C099AAD8B386} [2013.07.25 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7E0248D8-B267-4199-A5B3-48438C3C0CE6} [2013.07.24 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4DAA4C14-7CB8-47C2-BFF7-CEA75A1E9576} [2013.07.24 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FA8199A9-F51C-4EBE-9E90-5F2894300926} [2013.07.23 12:15:48 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{07B02DF8-6DF0-4159-B951-1FACFD861575} [2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo [2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo [2013.07.23 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1968273A-1E71-4773-8B0A-655852490E8B} [2013.07.22 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C1783379-5ECE-482A-A27F-939A3F1D88BA} [2013.07.21 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EB4DD1AD-53FA-458C-BA58-A17D9EFABA16} [2013.07.21 10:51:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A8BAFF9F-4467-497E-866F-0697B8461900} [2013.07.20 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4047B6F4-467F-4CA3-8D69-419F1D5D52D6} [2013.07.20 08:35:15 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CAF4FAC6-BDEF-4C17-BDB2-28D85A5DEDD4} [2013.07.20 03:12:14 | 000,000,000 | ---D | C] -- 
C:\Users\takezo\AppData\Local\{8BC176AE-5FC4-439A-8DB0-D0DAC7AFB287} [2013.07.19 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EF957BD3-3E1E-4BE2-9558-AEF51468B312} [2013.07.18 21:57:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{221F18A9-D8E8-4555-BAC0-5454382F59FF} [2013.07.18 09:57:29 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BEC545B7-31A3-4F9E-A524-01075452EA63} [2013.07.17 10:35:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0E7070-568D-408F-AB57-6A8DF290E9E8} [2013.07.16 22:34:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1F238BD8-DD1A-4E20-8572-A5AA6785B032} [2013.07.16 10:34:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{512E2FAC-01D5-40B1-8C2B-CA5A440055BB} [2013.07.15 22:34:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{50300C40-099F-4A93-8F1A-6B713346E17D} [2013.07.15 10:34:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{72F24E69-7274-44AC-B6D1-DB51CC4FA509} [2013.07.14 22:33:40 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C93652CE-9C6E-4E29-9090-F111BB5614F0} [2013.07.14 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{90E4324A-44FA-498E-9114-659752AABAEC} [2013.07.13 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8FEC541E-DEE4-4999-A914-97A2C7D30019} [2013.07.12 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A67F1388-1546-4569-812F-3B3970480D48} [2013.07.11 23:24:39 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4BD2E493-8A72-4B9D-BEEC-B1054C40F63E} [2013.07.11 11:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.11 11:24:24 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CFD5D1DB-54FF-433F-9897-2BA6948FEAC1} [2013.07.10 21:24:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1D8CBD9C-1A76-40EC-83C7-86C6DB2B5155} [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp 
-> ] ========== Files - Modified Within 30 Days ========== [2013.08.09 09:41:54 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.09 09:41:53 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.09 09:34:02 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.09 09:33:21 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.09 09:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.08.09 09:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.09 09:32:46 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys [2013.08.09 08:15:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job [2013.08.09 07:23:33 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job [2013.08.09 00:56:00 | 002,404,642 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.08.09 00:56:00 | 002,365,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.08.09 00:56:00 | 001,745,140 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.08.09 00:56:00 | 001,716,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.08.09 00:56:00 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.08.08 17:29:55 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.08.08 17:14:37 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130808-172955.backup [2013.08.08 16:14:54 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.08.08 10:16:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.08.08 01:58:31 | 000,002,068 | 
---- | M] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.08.08 01:58:31 | 000,001,997 | ---- | M] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk [2013.08.07 10:58:18 | 000,046,916 | ---- | M] () -- C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf [2013.08.01 08:00:18 | 000,000,128 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb [2013.08.01 06:46:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.08.01 06:46:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.07.31 22:35:49 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.31 17:13:58 | 009,711,129 | ---- | M] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf [2013.07.28 20:35:53 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.07.23 09:16:30 | 000,001,139 | ---- | M] () -- C:\Users\takezo\Desktop\System Checkup.lnk [2013.07.23 09:16:26 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat [2013.07.16 17:25:39 | 000,001,138 | ---- | M] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk [2013.07.10 14:07:47 | 004,975,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.08.08 16:15:20 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job [2013.08.08 16:15:18 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job [2013.08.08 16:14:54 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.08.08 15:00:33 | 000,001,409 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.08.08 12:42:34 | 000,046,916 | ---- | C] () -- 
C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf [2013.08.08 10:16:58 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.08.08 10:16:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.08.08 00:34:09 | 000,002,068 | ---- | C] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.08.08 00:34:09 | 000,001,997 | ---- | C] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk [2013.08.04 14:06:34 | 009,711,129 | ---- | C] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf [2013.08.01 08:00:17 | 000,000,128 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb [2013.07.23 09:16:30 | 000,001,139 | ---- | C] () -- C:\Users\takezo\Desktop\System Checkup.lnk [2013.07.23 09:16:26 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat [2013.07.16 17:25:39 | 000,001,138 | ---- | C] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk [2013.01.25 12:44:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.14 11:19:49 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.04.12 06:21:32 | 000,017,408 | ---- | C] () -- C:\Users\takezo\AppData\Local\WebpageIcons.db [2011.09.29 08:47:23 | 011,165,696 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.mdb [2011.07.26 10:18:01 | 000,003,373 | ---- | C] () -- C:\Users\takezo\unigine_20110726_1017.html [2011.01.13 12:32:58 | 000,000,058 | ---- | C] () -- 
C:\Users\takezo\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.09.15 16:20:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.07 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.08.30 12:08:54 | 000,000,094 | ---- | C] () -- C:\Users\takezo\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2010.06.21 03:01:44 | 000,002,903 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Songbird2\Profiles\bvlf5ubh.Aida\extensions\{183f766a-4b9b-854d-88db-62677b3d779e}\chrome\skin\mini-player\l.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 
13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP < End of report >
I hope I did this correctly!