Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Being connected to www.007guard.com . Am I infected?


  • Please log in to reply

#1
Lavinya

Lavinya

    New Member

  • Member
  • Pip
  • 1 posts
Hi Support Team,
today I noticed at Recource Monitor that 4 things run with www.007guard.com: 1. avp , 2. chrome, 3. msn messenger, 4. System. Now I dont know if I am infected or not. I read that this 007guard can be bad. Once I had Sypbot Search & Destroy on my laptop and I noticed that Spybot added www.007guard.com to my hosts. I scanned my laptop with MalwareBytes and nothing was found and I have Kaspersky on my laptop just for your info. Kaspersky didn't alarm me too. Am I infected? Is it normal that system, avp, chrome and msn messenger run with 007guard.com? I put a hijackthis log on this post.

I would appreciate it so much if your team could help me..

Thanks so long..

Lavinya

OTL logfile created on: 11/12/2012 2:35:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.93 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 48.19% Memory free
5.93 Gb Paging File | 3.32 Gb Available in Paging File | 56.04% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 29.22 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 117.99 Gb Free Space | 83.38% Space Free | Partition Type: NTFS

Computer Name: ...| User Name: .... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\....\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\KeyScrambler\KeyScrambler.exe (QFX Software Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\perfmon.exe (Microsoft Corporation)
PRC - C:\Program Files\Paint.NET\PaintDotNet.exe (dotPDN LLC)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\c645a3a0517d3c435de7e92485973e26\PaintDotNet.ni.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\0c1ea490b6eef68d21ccba22789ab332\PaintDotNet.Effects.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\987758ab30671c201cc0a028556e455f\PaintDotNet.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\2d1b649e31ae9303eebf6fd15382e25b\PaintDotNet.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\6207a5aed1b10beabbdd87d851eb9e0c\PaintDotNet.Resources.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\f839d1c72e05738d32c0cd15c77d3cb5\PaintDotNet.SystemLayer.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\ac1d8cfd25a37beb4ec13f4bb9f798c9\PaintDotNet.Base.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\078b92340396fefbb84bd42be9de25c0\PaintDotNet.SystemLayer.Native.x86.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\a393ab8b2305cfd8b05ec1abd37da243\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\cb8c5004169f76e7f8deb072833204fe\Interop.WIA.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll ()
MOD - C:\Program Files\Yuna Software\Messenger Plus!\lame_enc.dll ()
MOD - C:\Program Files\Yuna Software\Messenger Plus!\libsndfile.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Paint.NET\Native.x86\PaintDotNet.Native.x86.dll ()
MOD - C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe /service File not found
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe /service File not found
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva389) -- File not found
DRV - (XDva349) -- File not found
DRV - (XDva348) -- File not found
DRV - (EagleNT) -- File not found
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys File not found
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (AntiLog32) -- C:\Windows\System32\drivers\AntiLog32.sys (Zemana Ltd.)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (hitmanpro35) -- C:\Windows\System32\drivers\hitmanpro35.sys ()
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys (IObit.com)
DRV - (vidsflt58) -- C:\Windows\System32\drivers\vsflt58.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WinDSLp) -- C:\Windows\System32\drivers\windsl.sys (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)
DRV - (WinDSLa) -- C:\Windows\System32\drivers\windsl.sys (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C7F8C8DD-7842-4067-B3E6-7CDE37B89EEC}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: [email protected]n.net:0.4
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\....\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\....\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\....\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/02 13:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/02 13:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/02 13:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/02 13:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012/09/02 13:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/22 14:44:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\....\Program Files\DNA [2010/10/03 09:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\....\AppData\Roaming\IDM\idmmzcc5 [2012/03/07 21:56:04 | 000,000,000 | ---D | M]

[2012/09/30 09:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Extensions
[2012/11/02 08:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions
[2011/03/12 17:09:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/10/05 10:34:15 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/11/02 08:27:03 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/03/24 07:07:24 | 000,000,000 | ---D | M] (Force-TLS) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/08/16 14:10:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2010/11/14 15:45:30 | 000,000,000 | ---D | M] (Free Hide IP) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2010/11/14 16:36:37 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ddbs752e.default\extensions
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ddbs752e.default\extensions\[email protected]
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehu\extensions
[2010/07/07 15:33:10 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehu\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehu\extensions\[email protected]
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehum\extensions
[2010/07/07 15:41:26 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehum\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\febeprof.ehum\extensions\[email protected]
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/07 15:35:47 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\[email protected]
[2010/07/07 15:35:47 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\[email protected]
[2010/07/07 15:35:46 | 000,000,000 | ---D | M] (Personas) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\l0nu79ve.default\extensions\[email protected]
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ps08d2pz.default\extensions
[2012/11/02 08:27:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ps08d2pz.default\extensions\[email protected]
[2011/10/02 18:51:49 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ps08d2pz.default\extensions\[email protected]
[2011/10/03 22:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\ps08d2pz.default\extensions\staged
[2011/06/01 18:36:04 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/09/09 04:24:27 | 000,118,857 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/03/24 09:29:46 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/08/07 20:05:47 | 000,594,961 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/08/27 07:11:48 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\[email protected]
[2011/08/27 07:11:49 | 000,084,825 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2011/07/13 12:51:23 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/05/11 14:29:43 | 000,565,069 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/09/09 04:24:27 | 001,404,909 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\0n8gshtg.Standard-Benutzer\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/09/30 09:21:57 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\[email protected]
[2012/09/30 09:14:50 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\[email protected]
[2012/10/03 15:50:30 | 000,275,902 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\[email protected]
[2012/09/30 09:13:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/30 09:21:57 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/09/30 09:23:45 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/09/24 08:27:10 | 000,594,961 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ps08d2pz.default\extensions\[email protected]
[2011/09/28 20:34:47 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ps08d2pz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/24 12:21:58 | 000,417,717 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ps08d2pz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/09/24 10:22:01 | 000,565,069 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ps08d2pz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/10/15 16:05:20 | 000,001,088 | ---- | M] () -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\searchplugins\dictionarycom.xml
[2012/10/15 16:05:20 | 000,002,537 | ---- | M] () -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\searchplugins\imdb.xml
[2012/10/15 16:05:20 | 000,002,383 | ---- | M] () -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\ddbs752e.default\searchplugins\youtube.xml
[2012/10/22 14:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/22 14:44:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: http://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\....\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\....\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\....\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\....\Program Files\DNA\plugins\npbtdna.dll
CHR - Extension: Turn Off the Lights = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.16_0\
CHR - Extension: Adblock Plus = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Neat Bookmarks - github version = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiigepidhhnpmngcemncndbfahdblhi\1_0\
CHR - Extension: HTTPS Everywhere = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.10.31_0\
CHR - Extension: AdBlock = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.3_0\
CHR - Extension: Youtube\u2122 Search = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobehlihkogkaopjdeomandehpjiljjn\1.0.14_0\
CHR - Extension: Happy Snow Bears Theme = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgkeibgecaojnkagnbbdekmbkfcfoen\1.0_0\
CHR - Extension: Search Box = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.7_0\
CHR - Extension: Download = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: YouTube Repeat = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\piicimoiaiblachamdicgngccadhlecl\1.0.1_0\
CHR - Extension: Anti-Banner = C:\Users\....\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012/01/27 23:40:19 | 000,441,158 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15160 more lines...
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~3\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [WinDSL MTU-Adjust] C:\windows\System32\WinDSL_MTU.exe (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1323933639407 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAE6D468-DA1F-46EB-9239-A428AAEB4D71}: NameServer = 194.8.194.60 81.173.194.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E366DA8A-EC55-4CAC-9A1B-0C76A4645162}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 14:37:10 | 000,000,000 | ---D | C] -- C:\Users\....\Desktop\Neuer Ordner
[2012/11/12 14:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\hsswpr
[2012/11/12 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\....\AppData\Roaming\Hotspot Shield
[2012/11/12 12:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/11/12 12:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/11/12 11:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/12 11:22:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/11/12 11:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/11 20:49:12 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/11/02 08:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2012/11/01 19:29:22 | 000,035,592 | ---- | C] (Anchorfree Inc.) -- C:\windows\System32\drivers\taphss6.sys
[2012/11/01 19:21:56 | 000,035,592 | ---- | C] (AnchorFree Inc.) -- C:\windows\System32\drivers\hssdrv6.sys
[2012/10/22 14:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/11/12 14:40:31 | 000,007,599 | ---- | M] () -- C:\Users\....\AppData\Local\Resmon.ResmonCfg
[2012/11/12 14:23:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/12 14:21:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 13:56:00 | 000,001,144 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/12 11:07:40 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 11:07:40 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 11:05:23 | 015,015,616 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/12 11:05:23 | 004,740,330 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/12 11:05:23 | 000,302,894 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/12 11:05:23 | 000,038,698 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/12 11:01:48 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 11:00:22 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/12 11:00:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/11 15:07:59 | 000,001,930 | -H-- | M] () -- C:\Users\....\Desktop\Dokument2.rtf
[2012/11/04 14:56:00 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
[2012/11/01 19:29:22 | 000,035,592 | ---- | M] (Anchorfree Inc.) -- C:\windows\System32\drivers\taphss6.sys
[2012/11/01 19:21:56 | 000,035,592 | ---- | M] (AnchorFree Inc.) -- C:\windows\System32\drivers\hssdrv6.sys
[2012/10/30 09:54:38 | 000,000,748 | -H-- | M] () -- C:\Users\....\Desktop\Dokument.rtf
[2012/10/21 17:54:07 | 000,002,348 | ---- | M] () -- C:\Users\....\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/11/07 09:08:39 | 000,001,930 | -H-- | C] () -- C:\Users\....\Desktop\Dokument2.rtf
[2012/10/27 19:50:35 | 000,000,748 | -H-- | C] () -- C:\Users\....\Desktop\Dokument.rtf
[2012/10/21 17:54:07 | 000,002,348 | ---- | C] () -- C:\Users\....\Desktop\Google Chrome.lnk
[2012/09/04 11:11:10 | 000,000,048 | ---- | C] () -- C:\windows\pmib.sys
[2012/09/02 13:43:38 | 000,001,404 | ---- | C] () -- C:\ProgramData\1346589818.bdinstall.bin
[2012/09/02 13:18:38 | 000,197,903 | ---- | C] () -- C:\ProgramData\1346588239.bdinstall.bin
[2012/08/19 12:15:06 | 000,460,240 | ---- | C] () -- C:\ProgramData\1345374435.bdinstall.bin
[2012/07/20 13:28:27 | 000,140,232 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2012/07/20 13:28:26 | 000,138,904 | ---- | C] () -- C:\Users\....\AppData\Roaming\PnkBstrK.sys
[2012/07/20 13:28:07 | 000,283,416 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2012/07/20 13:28:03 | 000,076,888 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2012/07/11 09:28:35 | 000,015,672 | ---- | C] () -- C:\windows\System32\drivers\SmartDefragDriver.sys
[2012/03/16 10:29:02 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2012/01/26 14:32:52 | 000,001,519 | ---- | C] () -- C:\Users\....\.recently-used.xbel
[2011/10/10 11:55:17 | 000,000,000 | ---- | C] () -- C:\Users\....\AppData\Local\{7E9ADC8A-868B-4A5C-85E7-354AD0CE2AD9}
[2011/10/01 12:45:02 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll1042.old
[2011/09/30 19:49:54 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2011/09/20 12:49:34 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/09/14 08:38:23 | 000,017,408 | ---- | C] () -- C:\Users\....\AppData\Local\WebpageIcons.db
[2011/09/13 20:06:10 | 000,000,020 | ---- | C] () -- C:\Users\....\defogger_reenable
[2011/09/13 08:56:03 | 000,000,861 | ---- | C] () -- C:\windows\wininit.ini
[2011/08/13 12:28:03 | 000,001,466 | ---- | C] () -- C:\Users\....\AppData\Local\RecConfig.xml
[2011/05/26 15:44:19 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/26 15:44:19 | 000,000,088 | RHS- | C] () -- C:\ProgramData\D6C0067753.sys
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/02/08 22:23:49 | 000,000,000 | ---- | C] () -- C:\windows\OZ.dat
[2011/01/31 09:31:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/19 15:18:57 | 000,007,599 | ---- | C] () -- C:\Users\....\AppData\Local\Resmon.ResmonCfg
[2010/03/17 12:09:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | ---- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/05/23 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\Ambient Design
[2011/07/22 18:25:52 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\Avination_Viewer
[2012/09/02 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\Bitdefender
[2012/03/11 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\BSplayer
[2010/06/03 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\BSplayer Pro
[2011/09/15 09:45:43 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\Canneverbe Limited
[2011/10/01 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\CPUTempWatch
[2011/08/09 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\DAEMON Tools Lite
[2010/10/22 02:14:42 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\DMCache
[2010/12/17 01:23:43 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\DNA
[2012/03/13 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\DT
[2011/07/22 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\FreeClearCookies
[2011/07/22 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\FreeHideIP
[2011/08/28 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\GetRightToGo
[2012/01/26 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\gtk-2.0
[2012/03/07 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\IDM
[2012/11/02 08:24:19 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\IObit
[2011/07/22 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\IrfanView
[2010/12/07 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\LolClient
[2012/05/24 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\LolClient2
[2010/05/30 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\Octoshape
[2011/02/20 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\ProtectDISC
[2012/11/12 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\QFX Software
[2012/09/10 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\QuickScan
[2012/09/03 07:25:30 | 000,000,000 | ---D | M] -- C:\Users\....\AppData\Roaming\TeamViewer


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:42DC4246
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

Attached Thumbnails

  • Unbenannt.png

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostXpert. Are you still connecting to 007guard.com?

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP