
Pests of all kinds and how to fight them: Pop-ups and "302 Document moved" in FF and IE, avast finds php agent(?) (Not yet finished)

27.02.2013, 02:32   #1
Lena_
 

Hello,
I have tried to work through as many points of the golden rules as possible.
For a few days now I have had the problem that in FF pop-ups appear at the bottom left of almost every window/tab; in addition, "302 - The document has temporarily moved" was displayed more and more often. At some point the links stopped working altogether - I was simply shown a white page.
Malware and Avira found nothing, so on the advice of a friend I installed avast, which identified a "php agent" with the remark Trojan. This was in a WordPress theme that I had downloaded a while ago. I moved the php agent into the "Container", deleted the corresponding WP theme and reinstalled FF. Unfortunately, with the avast protection active I could no longer get onto the Internet, so I had to uninstall avast again to get online at all, and therefore I no longer have a log file from it.

The pop-ups are still there, however; the error message has not reappeared so far.
I downloaded OTL and GMER; I still had Malware, but the trial version expired long ago.

OTL Logfile:
Code:
OTL logfile created on: 2/27/2013 2:35:10 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.37% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1055.05 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.71 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 63.69 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/27 01:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lena\Downloads\OTL.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/09 08:51:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 18:17:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 18:17:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/08 18:17:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/04 17:19:02 | 001,588,512 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
PRC - [2012/05/04 17:19:02 | 000,732,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
PRC - [2012/05/04 17:19:02 | 000,274,208 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2012/05/04 17:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2012/01/04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Eigene Programme\Open Office\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Eigene Programme\Open Office\program\soffice.bin
PRC - [2010/12/20 20:31:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/04 17:19:02 | 001,588,512 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
MOD - [2012/05/04 17:19:02 | 001,525,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
MOD - [2012/05/04 17:19:02 | 000,778,016 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
MOD - [2012/05/04 17:19:02 | 000,732,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
MOD - [2012/05/04 17:19:02 | 000,705,824 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
MOD - [2012/05/04 17:19:02 | 000,612,640 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
MOD - [2012/05/04 17:19:02 | 000,582,944 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
MOD - [2012/05/04 17:19:02 | 000,407,840 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
MOD - [2012/05/04 17:19:02 | 000,333,600 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
MOD - [2012/05/04 17:19:02 | 000,322,336 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
MOD - [2012/05/04 17:19:02 | 000,287,008 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
MOD - [2012/05/04 17:19:02 | 000,255,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
MOD - [2012/05/04 17:19:02 | 000,253,728 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
MOD - [2012/05/04 17:19:02 | 000,247,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
MOD - [2012/05/04 17:19:02 | 000,243,488 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
MOD - [2012/05/04 17:19:02 | 000,228,640 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
MOD - [2012/05/04 17:19:02 | 000,188,704 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
MOD - [2012/05/04 17:19:02 | 000,179,488 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
MOD - [2012/05/04 17:19:02 | 000,176,416 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
MOD - [2012/05/04 17:19:02 | 000,159,520 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
MOD - [2012/05/04 17:19:02 | 000,157,472 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
MOD - [2012/05/04 17:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
MOD - [2012/05/04 17:19:02 | 000,147,744 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
MOD - [2012/05/04 17:19:02 | 000,146,720 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
MOD - [2012/05/04 17:19:02 | 000,128,288 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
MOD - [2012/05/04 17:19:02 | 000,127,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
MOD - [2012/05/04 17:19:02 | 000,111,904 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
MOD - [2012/05/04 17:19:02 | 000,107,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
MOD - [2012/05/04 17:19:02 | 000,098,592 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
MOD - [2012/05/04 17:19:02 | 000,092,960 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
MOD - [2012/05/04 17:19:02 | 000,092,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
MOD - [2012/05/04 17:02:02 | 000,618,968 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
MOD - [2012/01/04 17:58:25 | 000,985,088 | ---- | M] () -- C:\Eigene Programme\Open Office\program\libxml2.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/11/03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/12/09 07:08:08 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/12/09 04:00:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 14:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/27 01:23:46 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/05/08 18:17:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 18:17:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 18:17:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 17:19:02 | 000,274,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/12/06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/11/20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/08 18:17:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 18:17:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/09/16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/12/29 03:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/20 20:31:18 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/20 20:31:16 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/09 04:46:36 | 008,281,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/12/09 04:46:36 | 008,281,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/09 03:18:44 | 000,292,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/09/29 22:19:58 | 000,046,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/06/17 10:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/02/18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/02/06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D3ACFDF8-6429-464F-B54B-88BD2146C86A}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://findgala.com/?&uid=8050&q={searchTerms}
IE - HKCU\..\SearchScopes\{D3ACFDF8-6429-464F-B54B-88BD2146C86A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_enDE393
IE - HKCU\..\SearchScopes\{F0844E00-3FAD-4157-B761-F1A8F53C06E8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/10 14:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/04 14:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/26 00:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Eigene Programme\Thunderbird\components [2013/02/20 22:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Eigene Programme\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Eigene Programme\Thunderbird\components [2013/02/20 22:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Eigene Programme\Thunderbird\plugins
 
[2013/02/26 00:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Extensions
[2013/02/26 00:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
 
O1 HOSTS File: ([2012/03/01 16:57:05 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [ZoneAlarm Installer] C:\Program Files (x86)\CheckPoint\Install\Launcher.exe ()
O4 - Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Eigene Programme\Open Office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201F70FD-869A-4D56-8B1E-41F95FBAED79}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88127DE2-428D-468F-8980-0C499B36BDC4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 00:53:45 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Studium - Kopie
[2013/02/26 00:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Eltern - Kopie
[2013/02/26 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/26 00:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/26 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Mozilla
[2013/02/24 18:34:48 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/24 15:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/24 15:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/24 01:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lena\Calibre Bibliothek\Documents\Simply Super Software
[2013/02/24 01:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Simply Super Software
[2013/02/24 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013/02/24 01:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013/02/24 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013/02/22 01:51:19 | 000,000,000 | ---D | C] -- C:\UserData
[2013/02/13 11:26:17 | 000,000,000 | ---D | C] -- C:\Users\Lena\uli
[2013/02/04 01:32:27 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Local\www.rene-zeidler.de
[2013/02/04 01:32:18 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\www.rene-zeidler.de
[2013/02/04 01:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\www.rene-zeidler.de
[2013/02/04 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\SnippingToolPlusv3-4-1-0
[2013/02/04 00:47:31 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\FileZilla
[2013/02/04 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\FileZilla_3.6.0.2_win32
[2013/01/28 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\Lena\Calibre Bibliothek\Documents\My Digital Editions
[2013/01/28 16:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2013/01/28 16:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2013/01/28 16:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2013/01/28 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\HP
[2013/01/28 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/01/28 11:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/01/28 11:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/01/28 11:03:13 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510a-f
[2013/01/28 11:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/01/28 11:02:20 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/01/28 10:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/27 02:22:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 01:45:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 01:27:08 | 000,376,832 | ---- | M] () -- C:\Users\Lena\Desktop\gmer_2.1.19081.exe
[2013/02/27 01:26:04 | 000,334,014 | ---- | M] () -- C:\Users\Lena\Desktop\Anleitung.jpg
[2013/02/27 00:45:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 23:52:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 23:52:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 23:45:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/02/26 23:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/26 23:44:56 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 00:53:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/26 00:53:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/26 00:53:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/26 00:53:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/26 00:53:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/26 00:46:39 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/25 01:29:35 | 000,410,552 | ---- | M] () -- C:\Users\Lena\Desktop\bookmarks-2013-02-25.json
[2013/02/25 01:29:27 | 000,838,619 | ---- | M] () -- C:\Users\Lena\Desktop\bookmarks.html
[2013/02/24 18:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/24 18:32:34 | 127,444,664 | ---- | M] () -- C:\Users\Lena\avast_internet_security_setup.exe
[2013/02/24 01:09:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013/02/23 03:28:27 | 000,119,352 | ---- | M] () -- C:\Users\Lena\Calibre Bibliothek\Documents\cc_20130223_032819.reg
[2013/02/23 03:24:07 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/20 22:12:24 | 000,025,614 | ---- | M] () -- C:\Users\Lena\11073_392514084178758_478067304_n.jpg
[2013/02/19 23:52:00 | 000,056,563 | ---- | M] () -- C:\Users\Lena\.recently-used.xbel
[2013/02/19 20:06:56 | 001,080,443 | ---- | M] () -- C:\Users\Lena\Desktop\Fleisch.png
[2013/02/18 20:00:31 | 000,458,861 | ---- | M] () -- C:\Users\Lena\Kindergeldantrag Celle.pdf
[2013/02/18 11:53:57 | 002,496,960 | ---- | M] () -- C:\Users\Lena\Desktop\Fleischfacts.pdf
[2013/02/13 14:25:22 | 000,452,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/11 23:23:02 | 000,669,686 | ---- | M] () -- C:\Users\Lena\Desktop\SoSe2013.021.pdf
[2013/02/08 00:23:24 | 000,010,427 | ---- | M] () -- C:\Users\Lena\Protokoll Daniel.odt
[2013/01/29 09:59:36 | 000,001,654 | ---- | M] () -- C:\Users\Lena\Desktop\vpngui - Verknüpfung.lnk
[2013/01/29 09:54:00 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/01/28 19:08:55 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2013/01/28 16:40:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2013/01/28 16:39:16 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2013/01/28 11:13:50 | 000,017,437 | ---- | M] () -- C:\Users\Lena\Desktop\schild.FH9
[2013/01/28 11:07:49 | 000,128,023 | ---- | M] () -- C:\Windows\hpwins27.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/27 01:26:55 | 000,376,832 | ---- | C] () -- C:\Users\Lena\Desktop\gmer_2.1.19081.exe
[2013/02/27 01:26:04 | 000,334,014 | ---- | C] () -- C:\Users\Lena\Desktop\Anleitung.jpg
[2013/02/26 00:46:39 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/26 00:46:39 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/25 01:29:35 | 000,410,552 | ---- | C] () -- C:\Users\Lena\Desktop\bookmarks-2013-02-25.json
[2013/02/25 01:29:26 | 000,838,619 | ---- | C] () -- C:\Users\Lena\Desktop\bookmarks.html
[2013/02/24 18:35:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 18:35:37 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 18:34:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/24 15:29:40 | 127,444,664 | ---- | C] () -- C:\Users\Lena\avast_internet_security_setup.exe
[2013/02/24 01:09:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013/02/23 03:28:24 | 000,119,352 | ---- | C] () -- C:\Users\Lena\Calibre Bibliothek\Documents\cc_20130223_032819.reg
[2013/02/20 22:12:22 | 000,025,614 | ---- | C] () -- C:\Users\Lena\11073_392514084178758_478067304_n.jpg
[2013/02/19 23:52:00 | 000,056,563 | ---- | C] () -- C:\Users\Lena\.recently-used.xbel
[2013/02/19 20:06:56 | 001,080,443 | ---- | C] () -- C:\Users\Lena\Desktop\Fleisch.png
[2013/02/18 20:06:43 | 000,009,367 | ---- | C] () -- C:\Users\Lena\Calibre Bibliothek\Documents\Wichtige Daten!!.odt
[2013/02/18 20:00:31 | 000,458,861 | ---- | C] () -- C:\Users\Lena\Kindergeldantrag Celle.pdf
[2013/02/18 11:53:57 | 002,496,960 | ---- | C] () -- C:\Users\Lena\Desktop\Fleischfacts.pdf
[2013/02/11 23:23:00 | 000,669,686 | ---- | C] () -- C:\Users\Lena\Desktop\SoSe2013.021.pdf
[2013/02/08 00:23:21 | 000,010,427 | ---- | C] () -- C:\Users\Lena\Protokoll Daniel.odt
[2013/01/31 01:12:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013/01/29 09:59:36 | 000,001,654 | ---- | C] () -- C:\Users\Lena\Desktop\vpngui - Verknüpfung.lnk
[2013/01/28 19:08:55 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2013/01/28 16:39:16 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2013/01/28 16:39:02 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2013/01/28 11:01:26 | 000,128,023 | ---- | C] () -- C:\Windows\hpwins27.dat
[2013/01/28 11:01:26 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2013/01/11 23:11:36 | 001,742,850 | ---- | C] () -- C:\Users\Lena\Justus.JPG
[2013/01/09 01:35:21 | 000,796,300 | ---- | C] () -- C:\Users\Lena\creativity_matters.pdf
[2012/12/19 20:36:53 | 001,321,955 | ---- | C] () -- C:\Users\Lena\The-Holistic-Mamas-Recipe-Collection.pdf
[2012/12/12 01:16:55 | 000,018,284 | ---- | C] () -- C:\Users\Lena\Glodde Stammbaum Papa.odt
[2012/12/12 00:24:27 | 000,035,797 | ---- | C] () -- C:\Users\Lena\Glodde Stammbaum Silvia Glodde.pdf
[2012/11/28 20:06:15 | 001,824,166 | ---- | C] () -- C:\Users\Lena\IMG_4993.JPG
[2012/11/19 21:59:24 | 002,963,466 | ---- | C] () -- C:\Users\Lena\eBook-Real-Food-Nutrition-REV.pdf
[2012/09/02 00:45:51 | 000,009,367 | ---- | C] () -- C:\Users\Lena\Wichtige Daten!!.odt
[2012/08/06 11:02:30 | 000,005,576 | ---- | C] () -- C:\Users\Lena\Konto_1241416344_06-08-12.csv
[2012/05/07 19:54:58 | 000,021,404 | ---- | C] () -- C:\Users\Lena\Essenliste.FH9
[2012/04/29 20:04:48 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/01/21 13:05:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/04 18:04:44 | 000,000,226 | ---- | C] () -- C:\Users\Lena\AppData\Roaming\burnaware.ini
[2011/03/04 17:13:22 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/11 02:23:38 | 000,000,000 | -HSD | M] -- C:\Users\Lena\AppData\Roaming\.#
[2012/01/25 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Amazon
[2012/03/22 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Anarchy
[2012/01/11 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Anuman
[2012/01/04 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Big Fish Games
[2012/01/08 13:19:29 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\calibre
[2012/04/29 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Canneverbe Limited
[2012/01/04 14:33:03 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\CheckPoint
[2012/08/05 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\DivoGames
[2012/02/11 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Dreamsdwell Stories 2
[2013/02/19 23:51:09 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\FileZilla
[2012/06/16 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\FlyWheelGames
[2012/02/11 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\GAMGO
[2012/02/26 21:10:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Green Clover Games
[2013/02/19 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\gtk-2.0
[2012/07/22 00:43:13 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\GuardiansOfMagic
[2012/02/07 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\HdO Adventure
[2012/01/11 01:29:56 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Home Sweet Home 2
[2012/03/10 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\IronCode
[2012/08/07 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\JoyBits
[2012/01/04 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Lazy Turtle Games
[2012/03/11 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Meridian93
[2012/04/25 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Merscom
[2012/04/27 12:53:14 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Muse
[2012/07/14 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\My Games
[2012/03/31 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\MysteryStudio
[2012/04/06 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Natural Threat.Ominous Shores
[2012/01/04 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\OpenOffice.org
[2012/02/04 00:59:22 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Playrix Entertainment
[2012/06/29 13:13:45 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Rainbow
[2012/03/13 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Sahmon Games
[2012/05/20 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Shape games
[2012/07/02 08:15:49 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Silverback Productions
[2013/02/24 01:09:40 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Simply Super Software
[2012/07/12 11:29:00 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Sleepwalker Games
[2012/01/04 22:28:43 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\SPORE
[2012/03/26 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\TeamViewer
[2012/05/27 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Temp
[2012/01/04 18:12:48 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Thunderbird
[2012/08/07 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Unity
[2012/06/22 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\VC 2 Paradise Resort
[2012/01/21 13:05:21 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Virtual Prophecy
[2012/06/26 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Visan
[2013/02/04 01:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\www.rene-zeidler.de
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:F33592E3
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:3CAE2A70
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:63C29481
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:178093AE
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:70E897B5
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:A18D1A5B
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:887F3A41
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:27F44544
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:F41F8101
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:48C30809
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:02A78DF6
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:E4FCDFD9
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:5EF72D85
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:2BC498A4
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D5BF78B4
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:ECFD9449
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:97C4F81F
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:6F55EB66
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:241FA548
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:BDCD0530
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C7F08EA3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C1308100
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:40DA0795
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:7E0EFF7B
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:A00BCDEF
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8917A3FD
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:E84CA8F2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:39EDBD33
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:378824DE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:479B1CF9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3C9B05C4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8DF68137

< End of report >
         
--- --- ---


Code:
 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lena :: BATTLESTAR [Administrator]

24.02.2013 11:02:56
mbam-log-2013-02-24 (11-02-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 517732
Laufzeit: 2 Stunde(n), 22 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 24. Februar 2013  12:02

Es wird nach 5069433 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : BATTLESTAR

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5129e478\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Sonntag, 24. Februar 2013  12:02

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CMUpdater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKPrinterSDK.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKAiOHostService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Lena\AppData\Local\zyqrykuq.exe'
C:\Users\Lena\AppData\Local\zyqrykuq.exe
  [FUND]      Ist das Trojanische Pferd TR/Winwebsec.A.1800
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55ca5ea0.qua' verschoben!


Ende des Suchlaufs: Sonntag, 24. Februar 2013  12:03
Benötigte Zeit: 00:55 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     30 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     29 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         

Edited by Lena_ (27.02.2013 at 02:56)

27.02.2013, 12:28   #2
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

27.02.2013, 20:18   #3
Lena_

I hope I did everything right... Here is the text document:

Code:
All processes killed
========== OTL ==========
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 2483510 bytes
->Temporary Internet Files folder emptied: 2229655 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18626040 bytes
->Flash cache emptied: 56958 bytes
 
User: Daniel.Battlestar
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lena
->Temp folder emptied: 19131158 bytes
->Temporary Internet Files folder emptied: 177955882 bytes
->Java cache emptied: 8338 bytes
->FireFox cache emptied: 90634483 bytes
->Flash cache emptied: 57626 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3535462 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 24141331 bytes
 
Total Files Cleaned = 358.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272013_201134

Files\Folders moved on Reboot...
C:\Users\Lena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

27.02.2013, 20:42   #4
markusg
/// Malware-holic

Hi, open Avira, go to Settings, tick Expert mode, then go through all the settings and expand the menus; there should be something like host protection there, untick it. Then click OK, run the OTL fix again, and afterwards re-enable the host protection.

27.02.2013, 21:26   #5
Lena_

So, this time Avira didn't complain about anything either:

Code:
All processes killed
========== OTL ==========
Unable to save new HOSTS file
67.215.245.19 ad-emea.doubleclick.net. removed from HOSTS file successfully
67.215.245.19 www.statcounter.com. removed from HOSTS file successfully
108.163.215.51 www.google-analytics.com. removed from HOSTS file successfully
108.163.215.51 ad-emea.doubleclick.net. removed from HOSTS file successfully
108.163.215.51 www.statcounter.com. removed from HOSTS file successfully
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Daniel.Battlestar
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lena
->Temp folder emptied: 1410302 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20307423 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3690850 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 451714 bytes
 
Total Files Cleaned = 25.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272013_211843

Files\Folders moved on Reboot...
C:\Users\Lena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


27.02.2013, 21:33   #6
markusg
/// Malware-holic

Hi, ok
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

01.03.2013, 09:18   #7
Lena_

I hope this is the right log:

Code:
09:15:55.0841 1088  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:15:57.0853 1088  ============================================================
09:15:57.0853 1088  Current date / time: 2013/03/01 09:15:57.0853
09:15:57.0853 1088  SystemInfo:
09:15:57.0853 1088  
09:15:57.0853 1088  OS Version: 6.1.7601 ServicePack: 1.0
09:15:57.0853 1088  Product type: Workstation
09:15:57.0853 1088  ComputerName: BATTLESTAR
09:15:57.0853 1088  UserName: Lena
09:15:57.0853 1088  Windows directory: C:\Windows
09:15:57.0853 1088  System windows directory: C:\Windows
09:15:57.0853 1088  Running under WOW64
09:15:57.0853 1088  Processor architecture: Intel x64
09:15:57.0853 1088  Number of processors: 4
09:15:57.0853 1088  Page size: 0x1000
09:15:57.0853 1088  Boot type: Normal boot
09:15:57.0853 1088  ============================================================
09:15:58.0961 1088  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:15:58.0961 1088  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:15:59.0319 1088  ============================================================
09:15:59.0319 1088  \Device\Harddisk0\DR0:
09:15:59.0319 1088  MBR partitions:
09:15:59.0319 1088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:15:59.0319 1088  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAAC54800
09:15:59.0319 1088  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAAC87000, BlocksNum 0x3C00000
09:15:59.0319 1088  \Device\Harddisk1\DR1:
09:15:59.0335 1088  MBR partitions:
09:15:59.0335 1088  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:15:59.0335 1088  ============================================================
09:15:59.0351 1088  C: <-> \Device\Harddisk0\DR0\Partition2
09:15:59.0382 1088  D: <-> \Device\Harddisk0\DR0\Partition3
09:15:59.0413 1088  J: <-> \Device\Harddisk1\DR1\Partition1
09:15:59.0413 1088  ============================================================
09:15:59.0413 1088  Initialize success
09:15:59.0413 1088  ============================================================
09:16:21.0128 6120  ============================================================
09:16:21.0128 6120  Scan started
09:16:21.0128 6120  Mode: Manual; SigCheck; TDLFS; 
09:16:21.0128 6120  ============================================================
09:16:21.0659 6120  ================ Scan system memory ========================
09:16:21.0659 6120  System memory - ok
09:16:21.0659 6120  ================ Scan services =============================
09:16:26.0775 6120  DNE - ok
09:16:26.0807 6120  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:16:26.0822 6120  Dnscache - ok
09:16:26.0838 6120  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:16:26.0869 6120  dot3svc - ok
09:16:26.0916 6120  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
09:16:26.0963 6120  Dot4 - ok
09:16:27.0025 6120  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:16:27.0041 6120  Dot4Print - ok
09:16:27.0056 6120  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
09:16:27.0087 6120  dot4usb - ok
09:16:27.0119 6120  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:16:27.0165 6120  DPS - ok
09:16:27.0197 6120  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:16:27.0243 6120  drmkaud - ok
09:16:27.0399 6120  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:16:27.0446 6120  DXGKrnl - ok
09:16:27.0571 6120  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:16:27.0649 6120  EapHost - ok
09:16:27.0743 6120  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:16:27.0789 6120  ebdrv - ok
09:16:27.0821 6120  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:16:27.0836 6120  EFS - ok
09:16:27.0867 6120  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:16:27.0914 6120  ehRecvr - ok
09:16:27.0945 6120  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:16:27.0961 6120  ehSched - ok
09:16:28.0008 6120  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:16:28.0039 6120  elxstor - ok
09:16:28.0039 6120  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:16:28.0055 6120  ErrDev - ok
09:16:28.0086 6120  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:16:28.0117 6120  EventSystem - ok
09:16:28.0164 6120  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:16:28.0242 6120  exfat - ok
09:16:28.0257 6120  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:16:28.0289 6120  fastfat - ok
09:16:28.0335 6120  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:16:28.0351 6120  Fax - ok
09:16:28.0367 6120  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
09:16:28.0382 6120  fdc - ok
09:16:28.0398 6120  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:16:28.0429 6120  fdPHost - ok
09:16:28.0429 6120  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:16:28.0460 6120  FDResPub - ok
09:16:28.0491 6120  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:16:28.0491 6120  FileInfo - ok
09:16:28.0507 6120  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:16:28.0538 6120  Filetrace - ok
09:16:28.0554 6120  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:16:28.0569 6120  flpydisk - ok
09:16:28.0585 6120  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:16:28.0601 6120  FltMgr - ok
09:16:28.0632 6120  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
09:16:28.0663 6120  FontCache - ok
09:16:28.0694 6120  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:16:28.0694 6120  FontCache3.0.0.0 - ok
09:16:28.0725 6120  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:16:28.0725 6120  FsDepends - ok
09:16:28.0772 6120  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:16:28.0803 6120  Fs_Rec - ok
09:16:28.0819 6120  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:16:28.0835 6120  fvevol - ok
09:16:28.0850 6120  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:16:28.0866 6120  gagp30kx - ok
09:16:28.0897 6120  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:16:28.0928 6120  gpsvc - ok
09:16:29.0006 6120  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:16:29.0037 6120  gupdate - ok
09:16:29.0037 6120  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:16:29.0053 6120  gupdatem - ok
09:16:29.0100 6120  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:16:29.0115 6120  hcw85cir - ok
09:16:29.0147 6120  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:16:29.0162 6120  HdAudAddService - ok
09:16:29.0178 6120  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:16:29.0193 6120  HDAudBus - ok
09:16:29.0209 6120  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:16:29.0225 6120  HidBatt - ok
09:16:29.0240 6120  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:16:29.0256 6120  HidBth - ok
09:16:29.0287 6120  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:16:29.0303 6120  HidIr - ok
09:16:29.0334 6120  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
09:16:29.0396 6120  hidserv - ok
09:16:29.0412 6120  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:16:29.0427 6120  HidUsb - ok
09:16:29.0443 6120  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:16:29.0474 6120  hkmsvc - ok
09:16:29.0490 6120  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:16:29.0505 6120  HomeGroupListener - ok
09:16:29.0537 6120  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:16:29.0568 6120  HomeGroupProvider - ok
09:16:29.0599 6120  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:16:29.0615 6120  HpSAMD - ok
09:16:29.0630 6120  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:16:29.0677 6120  HTTP - ok
09:16:29.0693 6120  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:16:29.0708 6120  hwpolicy - ok
09:16:29.0724 6120  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:16:29.0739 6120  i8042prt - ok
09:16:29.0771 6120  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:16:29.0786 6120  iaStorV - ok
09:16:29.0849 6120  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:16:29.0864 6120  IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:16:29.0864 6120  IDriverT - detected UnsignedFile.Multi.Generic (1)
09:16:34.0310 6120  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:16:34.0326 6120  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:16:34.0326 6120  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:16:36.0011 6120  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:16:36.0026 6120  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:16:36.0026 6120  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:16:39.0037 6120  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:16:39.0084 6120  sffp_mmc - ok
09:16:39.0209 6120  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:16:39.0240 6120  sffp_sd - ok
09:16:39.0396 6120  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:16:39.0443 6120  sfloppy - ok
09:16:39.0661 6120  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:16:39.0723 6120  SharedAccess - ok
09:16:39.0879 6120  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:16:39.0926 6120  ShellHWDetection - ok
09:16:40.0051 6120  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:16:40.0082 6120  SiSRaid2 - ok
09:16:40.0176 6120  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:16:40.0191 6120  SiSRaid4 - ok
09:16:40.0535 6120  [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:16:40.0566 6120  SkypeUpdate - ok
09:16:40.0675 6120  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:16:40.0737 6120  Smb - ok
09:16:40.0784 6120  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:16:40.0800 6120  SNMPTRAP - ok
09:16:40.0893 6120  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:16:40.0925 6120  spldr - ok
09:16:40.0987 6120  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:16:41.0018 6120  Spooler - ok
09:16:41.0127 6120  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:16:41.0190 6120  sppsvc - ok
09:16:41.0190 6120  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:16:41.0221 6120  sppuinotify - ok
09:16:41.0252 6120  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:16:41.0283 6120  srv - ok
09:16:41.0299 6120  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:16:41.0315 6120  srv2 - ok
09:16:41.0330 6120  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:16:41.0346 6120  srvnet - ok
09:16:41.0393 6120  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
09:16:41.0424 6120  sscdbus - ok
09:16:41.0455 6120  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:16:41.0517 6120  SSDPSRV - ok
09:16:41.0533 6120  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:16:41.0564 6120  SstpSvc - ok
09:16:41.0595 6120  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:16:41.0595 6120  stexstor - ok
09:16:41.0642 6120  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:16:41.0689 6120  stisvc - ok
09:16:41.0689 6120  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:16:41.0705 6120  swenum - ok
09:16:41.0720 6120  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:16:41.0751 6120  swprv - ok
09:16:41.0798 6120  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:16:41.0829 6120  SysMain - ok
09:16:41.0845 6120  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:16:41.0861 6120  TabletInputService - ok
09:16:41.0876 6120  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:16:41.0923 6120  TapiSrv - ok
09:16:41.0939 6120  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:16:41.0970 6120  TBS - ok
09:16:42.0048 6120  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:16:42.0095 6120  Tcpip - ok
09:16:42.0141 6120  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:16:42.0173 6120  TCPIP6 - ok
09:16:42.0188 6120  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:16:42.0204 6120  tcpipreg - ok
09:16:42.0235 6120  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:16:42.0251 6120  TDPIPE - ok
09:16:42.0266 6120  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:16:42.0282 6120  TDTCP - ok
09:16:42.0297 6120  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:16:42.0329 6120  tdx - ok
09:16:42.0344 6120  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:16:42.0360 6120  TermDD - ok
09:16:42.0375 6120  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:16:42.0422 6120  TermService - ok
09:16:42.0438 6120  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:16:42.0453 6120  Themes - ok
09:16:42.0469 6120  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:16:42.0500 6120  THREADORDER - ok
09:16:42.0516 6120  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:16:42.0547 6120  TrkWks - ok
09:16:42.0563 6120  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:16:42.0594 6120  TrustedInstaller - ok
09:16:42.0609 6120  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:16:42.0641 6120  tssecsrv - ok
09:16:42.0656 6120  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:16:42.0672 6120  TsUsbFlt - ok
09:16:42.0703 6120  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:16:42.0719 6120  TsUsbGD - ok
09:16:42.0750 6120  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:16:42.0812 6120  tunnel - ok
09:16:42.0843 6120  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:16:42.0843 6120  uagp35 - ok
09:16:42.0875 6120  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:16:42.0906 6120  udfs - ok
09:16:42.0953 6120  [ C46C4BE1BAB0F0669F6C21151BBDA557 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
09:16:42.0968 6120  UI Assistant Service - ok
09:16:42.0984 6120  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:16:42.0999 6120  UI0Detect - ok
09:16:43.0015 6120  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:16:43.0031 6120  uliagpkx - ok
09:16:43.0062 6120  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:16:43.0062 6120  umbus - ok
09:16:43.0093 6120  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:16:43.0109 6120  UmPass - ok
09:16:43.0124 6120  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:16:43.0155 6120  upnphost - ok
09:16:43.0171 6120  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:16:43.0187 6120  usbccgp - ok
09:16:43.0202 6120  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:16:43.0218 6120  usbcir - ok
09:16:43.0249 6120  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:16:43.0265 6120  usbehci - ok
09:16:43.0296 6120  [ 917A716639C8FF1C396D4B13889552D8 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
09:16:43.0327 6120  usbfilter - ok
09:16:43.0343 6120  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:16:43.0374 6120  usbhub - ok
09:16:43.0374 6120  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:16:43.0405 6120  usbohci - ok
09:16:43.0421 6120  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:16:43.0436 6120  usbprint - ok
09:16:43.0452 6120  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:16:43.0467 6120  usbscan - ok
09:16:43.0483 6120  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:16:43.0499 6120  USBSTOR - ok
09:16:43.0514 6120  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:16:43.0530 6120  usbuhci - ok
09:16:43.0577 6120  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
09:16:43.0608 6120  usb_rndisx - ok
09:16:43.0623 6120  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:16:43.0686 6120  UxSms - ok
09:16:43.0686 6120  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:16:43.0701 6120  VaultSvc - ok
09:16:43.0733 6120  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:16:43.0733 6120  vdrvroot - ok
09:16:43.0764 6120  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:16:43.0795 6120  vds - ok
09:16:43.0826 6120  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:16:43.0842 6120  vga - ok
09:16:43.0857 6120  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:16:43.0889 6120  VgaSave - ok
09:16:43.0920 6120  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:16:43.0935 6120  vhdmp - ok
09:16:43.0935 6120  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:16:43.0951 6120  viaide - ok
09:16:43.0967 6120  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:16:43.0967 6120  volmgr - ok
09:16:43.0998 6120  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:16:44.0013 6120  volmgrx - ok
09:16:44.0045 6120  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:16:44.0060 6120  volsnap - ok
09:16:44.0107 6120  [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
09:16:44.0123 6120  Vsdatant - ok
09:16:44.0138 6120  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:16:44.0154 6120  vsmraid - ok
09:16:44.0201 6120  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:16:44.0248 6120  VSS - ok
09:16:44.0263 6120  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:16:44.0279 6120  vwifibus - ok
09:16:44.0294 6120  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:16:44.0310 6120  vwififlt - ok
09:16:44.0326 6120  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:16:44.0341 6120  vwifimp - ok
09:16:44.0372 6120  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:16:44.0404 6120  W32Time - ok
09:16:44.0419 6120  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:16:44.0435 6120  WacomPen - ok
09:16:44.0466 6120  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:16:44.0497 6120  WANARP - ok
09:16:44.0513 6120  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:16:44.0544 6120  Wanarpv6 - ok
09:16:44.0575 6120  [ 878C947C69EE89E4DBFF9DBD6155C15D ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
09:16:44.0591 6120  watchmi ( UnsignedFile.Multi.Generic ) - warning
09:16:44.0591 6120  watchmi - detected UnsignedFile.Multi.Generic (1)
09:16:44.0638 6120  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:16:44.0669 6120  wbengine - ok
09:16:44.0700 6120  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:16:44.0716 6120  WbioSrvc - ok
09:16:44.0762 6120  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:16:44.0809 6120  wcncsvc - ok
09:16:44.0825 6120  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:16:44.0840 6120  WcsPlugInService - ok
09:16:44.0872 6120  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
09:16:44.0887 6120  Wd - ok
09:16:44.0934 6120  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:16:44.0981 6120  Wdf01000 - ok
09:16:44.0996 6120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:16:45.0012 6120  WdiServiceHost - ok
09:16:45.0028 6120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:16:45.0043 6120  WdiSystemHost - ok
09:16:45.0059 6120  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:16:45.0074 6120  WebClient - ok
09:16:45.0106 6120  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:16:45.0137 6120  Wecsvc - ok
09:16:45.0137 6120  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:16:45.0168 6120  wercplsupport - ok
09:16:45.0199 6120  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:16:45.0230 6120  WerSvc - ok
09:16:45.0246 6120  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:16:45.0277 6120  WfpLwf - ok
09:16:45.0293 6120  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:16:45.0308 6120  WIMMount - ok
09:16:45.0324 6120  WinDefend - ok
09:16:45.0340 6120  WinHttpAutoProxySvc - ok
09:16:45.0371 6120  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:16:45.0449 6120  Winmgmt - ok
09:16:45.0542 6120  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:16:45.0589 6120  WinRM - ok
09:16:45.0636 6120  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:16:45.0652 6120  WinUsb - ok
09:16:45.0667 6120  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:16:45.0698 6120  Wlansvc - ok
09:16:45.0745 6120  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:16:45.0776 6120  wlcrasvc - ok
09:16:45.0854 6120  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:16:45.0901 6120  wlidsvc - ok
09:16:45.0917 6120  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:16:45.0932 6120  WmiAcpi - ok
09:16:45.0964 6120  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:16:45.0979 6120  wmiApSrv - ok
09:16:46.0010 6120  WMPNetworkSvc - ok
09:16:46.0088 6120  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:16:46.0120 6120  WPCSvc - ok
09:16:46.0166 6120  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:16:46.0213 6120  WPDBusEnum - ok
09:16:46.0244 6120  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:16:46.0291 6120  ws2ifsl - ok
09:16:46.0307 6120  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
09:16:46.0322 6120  wscsvc - ok
09:16:46.0322 6120  WSearch - ok
09:16:46.0385 6120  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:16:46.0416 6120  wuauserv - ok
09:16:46.0494 6120  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:16:46.0541 6120  WudfPf - ok
09:16:46.0556 6120  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:16:46.0572 6120  WUDFRd - ok
09:16:46.0603 6120  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:16:46.0619 6120  wudfsvc - ok
09:16:46.0634 6120  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:16:46.0650 6120  WwanSvc - ok
09:16:46.0697 6120  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:16:46.0712 6120  ZTEusbmdm6k - ok
09:16:46.0728 6120  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:16:46.0744 6120  ZTEusbnmea - ok
09:16:46.0759 6120  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:16:46.0775 6120  ZTEusbser6k - ok
09:16:46.0806 6120  ================ Scan global ===============================
09:16:46.0822 6120  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:16:46.0853 6120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:16:46.0868 6120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:16:46.0900 6120  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:16:46.0915 6120  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:16:46.0931 6120  [Global] - ok
09:16:46.0931 6120  ================ Scan MBR ==================================
09:16:46.0931 6120  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
09:16:49.0146 6120  \Device\Harddisk0\DR0 - ok
09:16:49.0146 6120  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
09:16:49.0786 6120  \Device\Harddisk1\DR1 - ok
09:16:49.0786 6120  ================ Scan VBR ==================================
09:16:49.0801 6120  [ EFE6EC6F5F5D6C11E3C9B17B93B734F5 ] \Device\Harddisk0\DR0\Partition1
09:16:49.0801 6120  \Device\Harddisk0\DR0\Partition1 - ok
09:16:49.0817 6120  [ B880AD6696E3EB9C3E77CF98A9AE4FD2 ] \Device\Harddisk0\DR0\Partition2
09:16:49.0832 6120  \Device\Harddisk0\DR0\Partition2 - ok
09:16:49.0864 6120  [ 4644BD661FDAF29CC4B29FEBB9F76E6B ] \Device\Harddisk0\DR0\Partition3
09:16:49.0864 6120  \Device\Harddisk0\DR0\Partition3 - ok
09:16:49.0864 6120  [ 0E7B1CED0A57AE18FB4D314683103F49 ] \Device\Harddisk1\DR1\Partition1
09:16:49.0864 6120  \Device\Harddisk1\DR1\Partition1 - ok
09:16:49.0879 6120  ============================================================
09:16:49.0879 6120  Scan finished
09:16:49.0879 6120  ============================================================
09:16:49.0942 6132  Detected object count: 4
09:16:49.0942 6132  Actual detected object count: 4
09:16:58.0896 6132  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:16:58.0896 6132  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:16:58.0896 6132  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:16:58.0896 6132  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:16:58.0896 6132  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:16:58.0896 6132  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:16:58.0896 6132  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
09:16:58.0896 6132  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

01.03.2013, 13:54   #8
markusg
/// Malware-holic
 



Hi,
Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

01.03.2013, 22:48   #9
Lena_
 



So, here is the next log:

Code:
ComboFix 13-03-01.01 - Lena 01.03.2013  21:36:25.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2443 [GMT 1:00]
ausgeführt von:: c:\users\Lena\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Lena\AppData\Roaming\.#
c:\users\Lena\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Lena\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Lena\avast_internet_security_setup.exe
c:\windows\IsUn0407.exe
J:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 21:24 . 2013-03-01 21:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 21:24 . 2013-03-01 21:24	--------	d-----w-	c:\users\Daniel\AppData\Local\temp
2013-03-01 07:45 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{280B227A-C9C1-4370-8703-C850F086B6EA}\mpengine.dll
2013-02-27 19:11 . 2013-02-27 19:11	--------	d-----w-	C:\_OTL
2013-02-25 23:46 . 2013-02-25 23:46	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-02-24 17:34 . 2012-10-30 22:50	285328	----a-w-	c:\windows\system32\aswBoot.exe
2013-02-24 14:22 . 2013-02-24 17:33	--------	d-----w-	c:\programdata\AVAST Software
2013-02-24 14:22 . 2013-02-24 17:33	--------	d-----w-	c:\program files\AVAST Software
2013-02-24 00:09 . 2013-02-24 00:09	--------	d-----w-	c:\users\Lena\AppData\Roaming\Simply Super Software
2013-02-24 00:09 . 2013-02-24 00:09	--------	d-----w-	c:\program files (x86)\Trojan Remover
2013-02-24 00:09 . 2013-02-24 00:09	--------	d-----w-	c:\programdata\Simply Super Software
2013-02-22 00:51 . 2013-02-22 00:51	--------	d-----w-	C:\UserData
2013-02-13 12:30 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:30 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:28 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-13 12:28 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-13 11:44 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 11:44 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 11:44 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 11:44 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 11:44 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 11:44 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 11:44 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 11:44 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 11:44 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 11:44 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 11:44 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 11:44 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 10:26 . 2013-02-13 11:58	--------	d-----w-	c:\users\Lena\uli
2013-02-04 00:32 . 2013-02-04 00:32	--------	d-----w-	c:\users\Lena\AppData\Local\www.rene-zeidler.de
2013-02-04 00:32 . 2013-02-04 00:32	--------	d-----w-	c:\users\Lena\AppData\Roaming\www.rene-zeidler.de
2013-02-04 00:32 . 2013-02-04 00:32	--------	d-----w-	c:\programdata\www.rene-zeidler.de
2013-02-03 23:47 . 2013-02-19 22:51	--------	d-----w-	c:\users\Lena\AppData\Roaming\FileZilla
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 00:23 . 2012-03-30 07:12	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 00:23 . 2012-01-04 14:01	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 12:34 . 2010-12-02 08:51	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-12-02 08:09	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 11:44	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 18:41	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:41	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:41	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-03-01 16:14	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 22:28	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 22:28	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 22:28	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 22:28	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 22:28	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 22:28	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 22:28	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 22:28	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 22:28	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 22:28	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 22:28	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 22:28	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 22:28	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 22:28	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 22:28	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 22:28	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 22:28	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 22:28	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 22:28	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 22:28	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 22:28	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 22:28	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 22:28	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 22:28	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 22:28	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 22:28	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 22:28	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 22:28	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 22:28	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 22:28	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 22:28	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 22:28	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-04 19:25 . 2012-08-22 21:14	800824	----a-w-	c:\users\Default\AppData\Roaming\DPInst.exe
2012-12-04 19:25 . 2012-08-22 21:14	36352	----a-w-	c:\users\Default\AppData\Roaming\PnPutil.exe
2012-12-04 19:25 . 2012-08-22 21:14	106496	----a-w-	c:\users\Default\AppData\Roaming\gacutil.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-09 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"ZoneAlarm Installer"="c:\program files (x86)\CheckPoint\Install\Launcher.exe" [2012-01-04 403088]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2012-05-04 156448]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\eigene programme\Open Office\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-1-4 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-29 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-05-14 28800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-09 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-09 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2012-05-04 274208]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-20 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-20 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-09-29 46720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:23]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:35]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{201F70FD-869A-4D56-8B1E-41F95FBAED79}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\b4iuqbdn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
AddRemove-Catan - c:\windows\IsUn0407.exe
AddRemove-Macromedia FreeHand 9 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1228159271-2358776038-1076675130-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,c6,95,8b,33,0d,59,c5,3e,53,83,ce,5f,93,67,75,35,90,f3,b4,29,41,3a,
   41,ad,fc,34,17,22,8e,c5,8f,ed,c9,14,05,85,9e,b9,d9,18,bb,68,08,ee,e7,9b,d3,\
"??"=hex:02,3a,45,7e,77,91,5e,18,3a,cf,51,7d,94,6b,c6,82
.
[HKEY_USERS\S-1-5-21-1228159271-2358776038-1076675130-1002\Software\SecuROM\License information*]
"datasecu"=hex:33,c4,5e,f7,b9,79,fd,38,ba,c2,c8,11,08,de,2d,eb,71,6d,10,20,92,
   a6,9c,72,33,de,19,92,6a,b7,eb,f3,17,00,3e,52,2c,20,12,b2,78,6c,9c,c6,bf,80,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  22:43:28
ComboFix-quarantined-files.txt  2013-03-01 21:43
.
Vor Suchlauf: 14 Verzeichnis(se), 1.134.509.883.392 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 1.133.991.002.112 Bytes frei
.
- - End Of File - - 1A889B07FFF01FE2FA154FCC95335F3D
         

01.03.2013, 23:08   #10
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

03.03.2013, 02:14   #11
Lena_

Hello,
the full scan found nothing:

Quote:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.03.01.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lena :: BATTLESTAR [Administrator]

03.03.2013 00:29:33
mbam-log-2013-03-03 (00-29-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 529550
Laufzeit: 1 Stunde(n), 42 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

03.03.2013, 18:31   #12
markusg
/// Malware-holic

Hi,

download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list.

05.03.2013, 00:46   #13
Lena_

Hello,

n = necessary
nn = not necessary
u = unknown (even though with many of them I can guess what they probably do, I don't know for certain)

Quote:
n 1&1 Surf-Stick 17.01.2013 1.0.0.2
u Adobe AIR Adobe Systems Inc. 04.03.2011 2.5.1.17730
n Adobe Digital Editions 28.01.2013
n Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171
u Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171
n Adobe Reader X (10.1.5) MUI Adobe Systems Incorporated 29.01.2013 479MB 10.1.5
nn ALDI NORD Bestellsoftware 4.12.2 ORWO Net 14.11.2012 4.12.2
n Amazon Kindle Amazon 26.03.2012
n Amazon MP3-Downloader 1.0.9 25.01.2012
nn Art Mogul 04.01.2012
nn Art of Murder: Cards of Destiny 04.01.2012
nn Art of Murder: FBI Confidential 11.01.2012
nn Art of Murder: Hunt for the Puppeteer 04.01.2012
nn Artist Colony 04.01.2012
u ATI Catalyst Install Manager ATI Technologies, Inc. 04.03.2011 22,4MB 3.0.808.0
n Audacity 1.3.14 (Unicode) Audacity Team 04.01.2012 40,4MB
n Avira Free Antivirus Avira 14.11.2012 109MB 12.1.9.1236
nn Avira SearchFree Toolbar plus Web Protection Ask.com 01.03.2012 4,25MB 1.14.1.0
nn Avira SearchFree Toolbar plus Web Protection Updater Ask.com 01.03.2012 1.2.0.20064
nn Azada ® 04.01.2012
nn Big Fish Games: Game Manager 04.01.2012 3.0.1.60
nn Blackwell Unbound 11.01.2012
nn Brink of Consciousness: Dorian Gray Syndrome 27.04.2012
nn BurnAware Free 4.4 Burnaware Technologies 04.01.2012 22,4MB
n calibre Kovid Goyal 08.01.2012 123MB 0.8.34
nn Catan - Die erste Insel 20.01.2012
n CCleaner Piriform 23.01.2013 3.27
nn CDBurnerXP CDBurnerXP 29.04.2012 12,0MB 4.4.0.3018
nn Chocolatier 2: Secret Ingredients 04.01.2012
nn Chronicles of Mystery: Tree of Life 01.02.2012
n Cisco Systems VPN Client 5.0.07.0440 28.01.2013 10,6MB
u Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
u Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
u Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
nn CyberLink LabelPrint CyberLink Corp. 04.03.2011 148MB 2.5.3418
nn CyberLink Power2Go CyberLink Corp. 04.03.2011 115MB 6.1.3802
nn CyberLink PowerDVD Copy CyberLink Corp. 04.03.2011 30,9MB 1.5.1306
nn Defraggler Piriform 19.01.2013 2.12
nn Der verborgene Kontinent 04.01.2012
nn Die Sims 2: Open For Business 20.01.2012
nn Die Sims 2: Wilde Campus-Jahre 20.01.2012
nn Die Sims™ 2 Deluxe 20.01.2012
nn Eden's Quest - The Hunt for Akua 21.09.2012
nn Empress of the Deep 2: Song of the Blue Whale 01.07.2012
nn Fish Tycoon 04.01.2012
u Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
n GIMP 2.6.12 The GIMP Team 09.02.2012 114MB 2.6.12
nn Governor of Poker 04.01.2012
nn Home Sweet Home 2: Kitchens and Baths 04.01.2012
n HP Officejet 4500 G510a-f HP 28.01.2013 13.0
nn Inkscape 0.48.4 04.03.2013 0.48.4
nn Jade Empire BioWare Corp. 03.05.2012
n Java(TM) 6 Update 22 Oracle 04.01.2012 97,0MB 6.0.220
n Java(TM) 6 Update 37 Oracle 25.10.2012 95,7MB 6.0.370
nn Jojo's Fashion Show: World Tour 04.01.2012
nn Kaptain Brawe - Episode II 04.01.2012
nn KODAK All-in-One Software Eastman Kodak Company 04.12.2012 7.6.12.20
u Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
nn Lavender's Botanicals 31.03.2012
nn Life Quest® 04.01.2012
nn Lost in the City ™ 04.01.2012
n Macromedia FreeHand 9 Macromedia 20.01.2012 9
n Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.01.2013 18,4MB 1.70.0.1100
nn Medion Home Cinema CyberLink Corp. 04.03.2011 36,5MB 8.0.2227
u Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.12.2010 38,8MB 4.0.30319
u Microsoft Office 2010 Microsoft Corporation 04.03.2011 6,31MB 14.0.4763.1000
u Microsoft Silverlight Microsoft Corporation 12.07.2012 50,6MB 5.1.10411.0
u Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.03.2011 1,69MB 3.1.0000
u Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 02.12.2010 260KB 8.0.50727.4053
u Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.02.2012 2,69MB 8.0.59193
u Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 04.01.2012 784KB 9.0.30729.4148
u Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.05.2012 238KB 9.0.30729
u Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.01.2012 592KB 9.0.30729.4148
u Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 04.03.2011 13,6MB 10.0.30319
u Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.03.2012 11,1MB 10.0.40219
n Mozilla Firefox 19.0 (x86 de) Mozilla 26.02.2013 43,6MB 19.0
u Mozilla Maintenance Service Mozilla 26.02.2013 217KB 19.0
n Mozilla Thunderbird 17.0.3 (x86 de) Mozilla 20.02.2013 41,9MB 17.0.3
n Mozilla Thunderbird 9.0.1 (x86 de) Mozilla 04.01.2012 38,7MB 9.0.1
u MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.12.2010 5,78MB 4.20.9876.0
u MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12.07.2012 1,53MB 4.30.2114.0
u MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54MB 4.30.2117.0
u MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 02.12.2010 1,53MB 4.30.2107.0
nn My Life Story Adventures 03.10.2012
nn My Tribe 04.01.2012
nn Nightfall Mysteries: Black Heart 14.03.2012
n OpenOffice.org 3.3 OpenOffice.org 04.01.2012 414MB 3.3.9567
nn Orbyx Deluxe 20.02.2012
nn Plant Tycoon 04.01.2012
nn Plants vs. Zombies 04.01.2012
u PlayReady PC Runtime amd64 Microsoft Corporation 04.01.2012 2,05MB 1.3.0
nn PrintProjects RocketLife Inc. 04.12.2012 14,6MB 1.0.0.9282
u Realtek Ethernet Controller Driver Realtek 04.03.2011 7.37.1229.2010
u Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.03.2011 6.0.1.6285
nn Redrum ™ 04.01.2012
nn Redrum: Time Lies 04.01.2012
u Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 04.03.2011 1,00MB 2.0.32.0
nn Return to Mysterious Island 04.01.2012
nn Safecracker 04.01.2012
nn Skype Click to Call Skype Technologies S.A. 08.02.2012 12,4MB 5.9.9216
nn Skype™ 5.8 Skype Technologies S.A. 23.03.2012 19,0MB 5.8.158
nn Snapshot Adventures - Secret of Bird Island 03.04.2012
nn SPORE™ Electronic Arts 04.01.2012 1.00.0000
nn Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) Obsidian 29.04.2012 1.00.0000
nn The Blackwell Convergence 11.01.2012
nn The Blackwell Legacy 11.01.2012
nn The Island - Castaway 2 14.03.2012
nn The Otherside - Realm of Eons 29.08.2012
nn The Scruffs - Return of the Duke 01.10.2012
nn The Serpent of Isis: Your Journey Continues 02.02.2012
nn Trojan Remover 6.8.5 Simply Super Software 24.02.2013 18,7MB 6.8.5
u Unity Web Player Unity Technologies ApS 07.08.2012 12,0MB
u Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
nn Virtual Villagers: New Believers 13.03.2012
nn Virtual Villagers: The Secret City 26.01.2012
nn Virtual Villagers: The Tree of Life 13.03.2012
nn Voyage 11.01.2012
nn Wandering Willows 04.01.2012
nn watchmi Axel Springer Digital TV Guide GmbH 04.01.2012 1,74MB 2.5.0
nn Westward 04.01.2012
nn Westward II: Heroes of the Frontier 04.01.2012
u Windows Live Essentials Microsoft Corporation 04.03.2011 15.4.3508.1109
u Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
u Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 04.03.2011 5,37MB 15.4.5722.2
u Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
u Windows Live Mesh ActiveX-objekt til fjernforbindelser Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
u Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz Microsoft Corporation 04.03.2011 5,57MB 15.4.5722.2
n WinRAR 4.10 (64-Bit) win.rar GmbH 20.01.2012 4.10.0
nn YouTube Downloader 3.5 BienneSoft 04.01.2012
nn ZoneAlarm Free Check Point 04.01.2012 60,0MB 10.1.079.000
nn Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 04.03.2011 5,38MB 15.4.5722.2

05.03.2013, 19:06   #14
markusg
/// Malware-holic

Why didn't you just do it the way I posted it: necessary, unnecessary, unknown? That really wouldn't have been a problem..
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced):
Check "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, uncheck "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK



Uninstall:
Avira SearchFree : both gone; this is the Ask toolbar and it has no business being on PCs!
Big Fish
Blackwell
Brink of
BurnAware
Catan
CDBurnerXP
Chocolatier
Chronicles
Control
Controlo
Contrôle
CyberLink : all
Defraggler
Der verborgene
Die Sims : all
Eden's
Empress
Fish
Formant
Governor
Home
Inkscape
Jade
Java: all
Download Java JRE:
Java downloads for all operating systems
Click:
Download of the Java software for Windows Offline
Download and install it.
Uninstall:
Jojo's
Kaptain
KODAK
Kontrolnik
Lavender's
Life
Lost
Medion
Microsoft Office : if not used
My : both
Nightfall
Orbyx
Plant
Plants
PrintProjects
Redrum : both
Return
Safecracker
Skype : both
Snapshot
SPORE™
Star Wars
The Blackwell : all
The Island
The Otherside
The Scruffs
The Serpent
Trojan Remover
Unity
Uzak
Virtual Villagers: : all
Voyage
Wandering
watchmi
Westward : all
Windows Live : all that are unnecessary for you
YouTube
ZoneAlarm
Στοιχείο
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

07.03.2013, 10:53   #15
Lena_

Sorry, I have a sick baby here who wakes up every few minutes, so I tried to get this done as quickly as possible in order to make any progress at all...

Code:
# AdwCleaner v2.114 - Datei am 07/03/2013 um 10:26:59 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lena - BATTLESTAR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lena\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\ZoneAlarm-Sicherheit
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Daniel\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Lena\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lena\AppData\LocalLow\ZoneAlarm-Sicherheit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DE5DF62-C577-496D-ADD0-05E4F2C0316D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{133C1C7E-ACC4-4E12-A692-25D35748D9C2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm-Sicherheit Toolbar
Schlüssel Gelöscht : HKLM\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\b4iuqbdn.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\72c8970j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4918 octets] - [07/03/2013 10:26:59]

########## EOF - C:\AdwCleaner[S1].txt - [4978 octets] ##########
         
