
Pests of all kinds and how to combat them: Pop-ups and "302 Document moved" in FF and IE, avast finds php agent(?) (not yet finished)

Windows 7

 
27.02.2013, 02:32   #1
Lena_
 



Hello,
I have tried to work through as many points of the golden rules as possible.
For a few days now I have had the problem that pop-ups appear at the bottom left of almost every window/tab in FF; in addition, "302 - The document has temporarily moved" was displayed more and more often. At some point the links stopped working altogether - I was simply shown a white page.
Malware and Avira found nothing, so on a friend's advice I installed avast, which identified a "php agent" with the remark Trojan. It was in a WordPress theme that I had downloaded a while ago. I moved the php agent into the "Container", deleted the corresponding WP theme and reinstalled FF. Unfortunately, avast's protection kept me from getting onto the Internet, so I had to uninstall avast again to get online at all, and therefore I no longer have a log file from it.

The pop-ups are still there, however; the error message has not reappeared so far.
I have downloaded OTL and GMER; I still had Malware, but the trial version expired long ago.

OTL Logfile:
Code:
OTL logfile created on: 2/27/2013 2:35:10 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.37% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1055.05 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.71 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 63.69 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/27 01:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lena\Downloads\OTL.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/09 08:51:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 18:17:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 18:17:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/08 18:17:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/04 17:19:02 | 001,588,512 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
PRC - [2012/05/04 17:19:02 | 000,732,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
PRC - [2012/05/04 17:19:02 | 000,274,208 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2012/05/04 17:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2012/01/04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Eigene Programme\Open Office\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Eigene Programme\Open Office\program\soffice.bin
PRC - [2010/12/20 20:31:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/04 17:19:02 | 001,588,512 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
MOD - [2012/05/04 17:19:02 | 001,525,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
MOD - [2012/05/04 17:19:02 | 000,778,016 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
MOD - [2012/05/04 17:19:02 | 000,732,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
MOD - [2012/05/04 17:19:02 | 000,705,824 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
MOD - [2012/05/04 17:19:02 | 000,612,640 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
MOD - [2012/05/04 17:19:02 | 000,582,944 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
MOD - [2012/05/04 17:19:02 | 000,407,840 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
MOD - [2012/05/04 17:19:02 | 000,333,600 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
MOD - [2012/05/04 17:19:02 | 000,322,336 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
MOD - [2012/05/04 17:19:02 | 000,287,008 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
MOD - [2012/05/04 17:19:02 | 000,255,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
MOD - [2012/05/04 17:19:02 | 000,253,728 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
MOD - [2012/05/04 17:19:02 | 000,247,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
MOD - [2012/05/04 17:19:02 | 000,243,488 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
MOD - [2012/05/04 17:19:02 | 000,228,640 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
MOD - [2012/05/04 17:19:02 | 000,188,704 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
MOD - [2012/05/04 17:19:02 | 000,179,488 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
MOD - [2012/05/04 17:19:02 | 000,176,416 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
MOD - [2012/05/04 17:19:02 | 000,159,520 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
MOD - [2012/05/04 17:19:02 | 000,157,472 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
MOD - [2012/05/04 17:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
MOD - [2012/05/04 17:19:02 | 000,147,744 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
MOD - [2012/05/04 17:19:02 | 000,146,720 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
MOD - [2012/05/04 17:19:02 | 000,128,288 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
MOD - [2012/05/04 17:19:02 | 000,127,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
MOD - [2012/05/04 17:19:02 | 000,111,904 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
MOD - [2012/05/04 17:19:02 | 000,107,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
MOD - [2012/05/04 17:19:02 | 000,098,592 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
MOD - [2012/05/04 17:19:02 | 000,092,960 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
MOD - [2012/05/04 17:19:02 | 000,092,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
MOD - [2012/05/04 17:02:02 | 000,618,968 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
MOD - [2012/01/04 17:58:25 | 000,985,088 | ---- | M] () -- C:\Eigene Programme\Open Office\program\libxml2.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/11/03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/12/09 07:08:08 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/12/09 04:00:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 14:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/27 01:23:46 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/05/08 18:17:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 18:17:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 18:17:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 17:19:02 | 000,274,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/12/06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/11/20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/08 18:17:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 18:17:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/09/16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/12/29 03:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/20 20:31:18 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/20 20:31:16 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/09 04:46:36 | 008,281,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/12/09 04:46:36 | 008,281,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/09 03:18:44 | 000,292,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/09/29 22:19:58 | 000,046,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/06/17 10:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/02/18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/02/06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D3ACFDF8-6429-464F-B54B-88BD2146C86A}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://findgala.com/?&uid=8050&q={searchTerms}
IE - HKCU\..\SearchScopes\{D3ACFDF8-6429-464F-B54B-88BD2146C86A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_enDE393
IE - HKCU\..\SearchScopes\{F0844E00-3FAD-4157-B761-F1A8F53C06E8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/10 14:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/04 14:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/26 00:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Eigene Programme\Thunderbird\components [2013/02/20 22:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Eigene Programme\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Eigene Programme\Thunderbird\components [2013/02/20 22:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Eigene Programme\Thunderbird\plugins
 
[2013/02/26 00:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Extensions
[2013/02/26 00:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
 
O1 HOSTS File: ([2012/03/01 16:57:05 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [ZoneAlarm Installer] C:\Program Files (x86)\CheckPoint\Install\Launcher.exe ()
O4 - Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Eigene Programme\Open Office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201F70FD-869A-4D56-8B1E-41F95FBAED79}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88127DE2-428D-468F-8980-0C499B36BDC4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 00:53:45 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Studium - Kopie
[2013/02/26 00:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Eltern - Kopie
[2013/02/26 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/26 00:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/26 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Mozilla
[2013/02/24 18:34:48 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/24 15:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/24 15:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/24 01:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lena\Calibre Bibliothek\Documents\Simply Super Software
[2013/02/24 01:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Simply Super Software
[2013/02/24 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013/02/24 01:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013/02/24 01:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013/02/22 01:51:19 | 000,000,000 | ---D | C] -- C:\UserData
[2013/02/13 11:26:17 | 000,000,000 | ---D | C] -- C:\Users\Lena\uli
[2013/02/04 01:32:27 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Local\www.rene-zeidler.de
[2013/02/04 01:32:18 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\www.rene-zeidler.de
[2013/02/04 01:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\www.rene-zeidler.de
[2013/02/04 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\SnippingToolPlusv3-4-1-0
[2013/02/04 00:47:31 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\FileZilla
[2013/02/04 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\FileZilla_3.6.0.2_win32
[2013/01/28 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\Lena\Calibre Bibliothek\Documents\My Digital Editions
[2013/01/28 16:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2013/01/28 16:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2013/01/28 16:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2013/01/28 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\HP
[2013/01/28 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/01/28 11:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/01/28 11:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/01/28 11:03:13 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510a-f
[2013/01/28 11:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/01/28 11:02:20 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/01/28 10:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/27 02:22:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 01:45:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 01:27:08 | 000,376,832 | ---- | M] () -- C:\Users\Lena\Desktop\gmer_2.1.19081.exe
[2013/02/27 01:26:04 | 000,334,014 | ---- | M] () -- C:\Users\Lena\Desktop\Anleitung.jpg
[2013/02/27 00:45:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 23:52:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 23:52:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 23:45:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/02/26 23:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/26 23:44:56 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 00:53:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/26 00:53:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/26 00:53:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/26 00:53:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/26 00:53:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/26 00:46:39 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/25 01:29:35 | 000,410,552 | ---- | M] () -- C:\Users\Lena\Desktop\bookmarks-2013-02-25.json
[2013/02/25 01:29:27 | 000,838,619 | ---- | M] () -- C:\Users\Lena\Desktop\bookmarks.html
[2013/02/24 18:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/24 18:32:34 | 127,444,664 | ---- | M] () -- C:\Users\Lena\avast_internet_security_setup.exe
[2013/02/24 01:09:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013/02/23 03:28:27 | 000,119,352 | ---- | M] () -- C:\Users\Lena\Calibre Bibliothek\Documents\cc_20130223_032819.reg
[2013/02/23 03:24:07 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/20 22:12:24 | 000,025,614 | ---- | M] () -- C:\Users\Lena\11073_392514084178758_478067304_n.jpg
[2013/02/19 23:52:00 | 000,056,563 | ---- | M] () -- C:\Users\Lena\.recently-used.xbel
[2013/02/19 20:06:56 | 001,080,443 | ---- | M] () -- C:\Users\Lena\Desktop\Fleisch.png
[2013/02/18 20:00:31 | 000,458,861 | ---- | M] () -- C:\Users\Lena\Kindergeldantrag Celle.pdf
[2013/02/18 11:53:57 | 002,496,960 | ---- | M] () -- C:\Users\Lena\Desktop\Fleischfacts.pdf
[2013/02/13 14:25:22 | 000,452,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/11 23:23:02 | 000,669,686 | ---- | M] () -- C:\Users\Lena\Desktop\SoSe2013.021.pdf
[2013/02/08 00:23:24 | 000,010,427 | ---- | M] () -- C:\Users\Lena\Protokoll Daniel.odt
[2013/01/29 09:59:36 | 000,001,654 | ---- | M] () -- C:\Users\Lena\Desktop\vpngui - Verknüpfung.lnk
[2013/01/29 09:54:00 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/01/28 19:08:55 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2013/01/28 16:40:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2013/01/28 16:39:16 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2013/01/28 11:13:50 | 000,017,437 | ---- | M] () -- C:\Users\Lena\Desktop\schild.FH9
[2013/01/28 11:07:49 | 000,128,023 | ---- | M] () -- C:\Windows\hpwins27.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/27 01:26:55 | 000,376,832 | ---- | C] () -- C:\Users\Lena\Desktop\gmer_2.1.19081.exe
[2013/02/27 01:26:04 | 000,334,014 | ---- | C] () -- C:\Users\Lena\Desktop\Anleitung.jpg
[2013/02/26 00:46:39 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/26 00:46:39 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/25 01:29:35 | 000,410,552 | ---- | C] () -- C:\Users\Lena\Desktop\bookmarks-2013-02-25.json
[2013/02/25 01:29:26 | 000,838,619 | ---- | C] () -- C:\Users\Lena\Desktop\bookmarks.html
[2013/02/24 18:35:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 18:35:37 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 18:34:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/24 15:29:40 | 127,444,664 | ---- | C] () -- C:\Users\Lena\avast_internet_security_setup.exe
[2013/02/24 01:09:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013/02/23 03:28:24 | 000,119,352 | ---- | C] () -- C:\Users\Lena\Calibre Bibliothek\Documents\cc_20130223_032819.reg
[2013/02/20 22:12:22 | 000,025,614 | ---- | C] () -- C:\Users\Lena\11073_392514084178758_478067304_n.jpg
[2013/02/19 23:52:00 | 000,056,563 | ---- | C] () -- C:\Users\Lena\.recently-used.xbel
[2013/02/19 20:06:56 | 001,080,443 | ---- | C] () -- C:\Users\Lena\Desktop\Fleisch.png
[2013/02/18 20:06:43 | 000,009,367 | ---- | C] () -- C:\Users\Lena\Calibre Bibliothek\Documents\Wichtige Daten!!.odt
[2013/02/18 20:00:31 | 000,458,861 | ---- | C] () -- C:\Users\Lena\Kindergeldantrag Celle.pdf
[2013/02/18 11:53:57 | 002,496,960 | ---- | C] () -- C:\Users\Lena\Desktop\Fleischfacts.pdf
[2013/02/11 23:23:00 | 000,669,686 | ---- | C] () -- C:\Users\Lena\Desktop\SoSe2013.021.pdf
[2013/02/08 00:23:21 | 000,010,427 | ---- | C] () -- C:\Users\Lena\Protokoll Daniel.odt
[2013/01/31 01:12:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013/01/29 09:59:36 | 000,001,654 | ---- | C] () -- C:\Users\Lena\Desktop\vpngui - Verknüpfung.lnk
[2013/01/28 19:08:55 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2013/01/28 16:39:16 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2013/01/28 16:39:02 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2013/01/28 11:01:26 | 000,128,023 | ---- | C] () -- C:\Windows\hpwins27.dat
[2013/01/28 11:01:26 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2013/01/11 23:11:36 | 001,742,850 | ---- | C] () -- C:\Users\Lena\Justus.JPG
[2013/01/09 01:35:21 | 000,796,300 | ---- | C] () -- C:\Users\Lena\creativity_matters.pdf
[2012/12/19 20:36:53 | 001,321,955 | ---- | C] () -- C:\Users\Lena\The-Holistic-Mamas-Recipe-Collection.pdf
[2012/12/12 01:16:55 | 000,018,284 | ---- | C] () -- C:\Users\Lena\Glodde Stammbaum Papa.odt
[2012/12/12 00:24:27 | 000,035,797 | ---- | C] () -- C:\Users\Lena\Glodde Stammbaum Silvia Glodde.pdf
[2012/11/28 20:06:15 | 001,824,166 | ---- | C] () -- C:\Users\Lena\IMG_4993.JPG
[2012/11/19 21:59:24 | 002,963,466 | ---- | C] () -- C:\Users\Lena\eBook-Real-Food-Nutrition-REV.pdf
[2012/09/02 00:45:51 | 000,009,367 | ---- | C] () -- C:\Users\Lena\Wichtige Daten!!.odt
[2012/08/06 11:02:30 | 000,005,576 | ---- | C] () -- C:\Users\Lena\Konto_1241416344_06-08-12.csv
[2012/05/07 19:54:58 | 000,021,404 | ---- | C] () -- C:\Users\Lena\Essenliste.FH9
[2012/04/29 20:04:48 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/01/21 13:05:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/04 18:04:44 | 000,000,226 | ---- | C] () -- C:\Users\Lena\AppData\Roaming\burnaware.ini
[2011/03/04 17:13:22 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/01/11 02:23:38 | 000,000,000 | -HSD | M] -- C:\Users\Lena\AppData\Roaming\.#
[2012/01/25 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Amazon
[2012/03/22 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Anarchy
[2012/01/11 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Anuman
[2012/01/04 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Big Fish Games
[2012/01/08 13:19:29 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\calibre
[2012/04/29 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Canneverbe Limited
[2012/01/04 14:33:03 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\CheckPoint
[2012/08/05 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\DivoGames
[2012/02/11 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Dreamsdwell Stories 2
[2013/02/19 23:51:09 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\FileZilla
[2012/06/16 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\FlyWheelGames
[2012/02/11 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\GAMGO
[2012/02/26 21:10:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Green Clover Games
[2013/02/19 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\gtk-2.0
[2012/07/22 00:43:13 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\GuardiansOfMagic
[2012/02/07 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\HdO Adventure
[2012/01/11 01:29:56 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Home Sweet Home 2
[2012/03/10 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\IronCode
[2012/08/07 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\JoyBits
[2012/01/04 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Lazy Turtle Games
[2012/03/11 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Meridian93
[2012/04/25 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Merscom
[2012/04/27 12:53:14 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Muse
[2012/07/14 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\My Games
[2012/03/31 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\MysteryStudio
[2012/04/06 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Natural Threat.Ominous Shores
[2012/01/04 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\OpenOffice.org
[2012/02/04 00:59:22 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Playrix Entertainment
[2012/06/29 13:13:45 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Rainbow
[2012/03/13 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Sahmon Games
[2012/05/20 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Shape games
[2012/07/02 08:15:49 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Silverback Productions
[2013/02/24 01:09:40 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Simply Super Software
[2012/07/12 11:29:00 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Sleepwalker Games
[2012/01/04 22:28:43 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\SPORE
[2012/03/26 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\TeamViewer
[2012/05/27 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Temp
[2012/01/04 18:12:48 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Thunderbird
[2012/08/07 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Unity
[2012/06/22 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\VC 2 Paradise Resort
[2012/01/21 13:05:21 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Virtual Prophecy
[2012/06/26 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Visan
[2013/02/04 01:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\www.rene-zeidler.de
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:F33592E3
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:3CAE2A70
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:63C29481
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:178093AE
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:70E897B5
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:A18D1A5B
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:887F3A41
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:27F44544
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:F41F8101
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:48C30809
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:1F96ED45
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:02A78DF6
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:E4FCDFD9
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:5EF72D85
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:2BC498A4
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D5BF78B4
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:ECFD9449
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:97C4F81F
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:6F55EB66
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:241FA548
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:BDCD0530
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C7F08EA3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:C1308100
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:40DA0795
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:7E0EFF7B
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:A00BCDEF
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8917A3FD
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:E84CA8F2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:39EDBD33
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:378824DE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:479B1CF9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3C9B05C4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8DF68137

< End of report >
         
--- --- ---


Code:
 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lena :: BATTLESTAR [Administrator]

24.02.2013 11:02:56
mbam-log-2013-02-24 (11-02-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 517732
Laufzeit: 2 Stunde(n), 22 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 24. Februar 2013  12:02

Es wird nach 5069433 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : BATTLESTAR

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 19:14:50
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 17:17:00
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 17:17:01
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:17:04
AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 08:18:32
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 10:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:24:08
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 00:05:48
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 22:16:28
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 15:40:31
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 19:13:49
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 23:20:01
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 23:20:01
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 23:20:02
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 23:20:02
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 23:20:02
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 00:51:37
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 00:51:35
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 13:36:10
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 22:37:24
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 22:37:24
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 22:37:28
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 22:37:29
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 19:22:56
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 19:22:59
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 00:12:43
VBASE023.VDF   : 7.11.62.112     2048 Bytes  23.02.2013 00:12:43
VBASE024.VDF   : 7.11.62.113     2048 Bytes  23.02.2013 00:12:43
VBASE025.VDF   : 7.11.62.114     2048 Bytes  23.02.2013 00:12:43
VBASE026.VDF   : 7.11.62.115     2048 Bytes  23.02.2013 00:12:43
VBASE027.VDF   : 7.11.62.116     2048 Bytes  23.02.2013 00:12:43
VBASE028.VDF   : 7.11.62.117     2048 Bytes  23.02.2013 00:12:43
VBASE029.VDF   : 7.11.62.118     2048 Bytes  23.02.2013 00:12:43
VBASE030.VDF   : 7.11.62.119     2048 Bytes  23.02.2013 00:12:44
VBASE031.VDF   : 7.11.62.128    34304 Bytes  23.02.2013 00:12:44
Engineversion  : 8.2.12.8  
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 22:16:44
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  22.02.2013 22:10:06
AESCN.DLL      : 8.1.10.0      131445 Bytes  15.12.2012 19:23:11
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:19:05
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 21:31:58
AEPACK.DLL     : 8.3.1.10      815480 Bytes  21.02.2013 19:23:13
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 19:12:12
AEHEUR.DLL     : 8.1.4.218    5792121 Bytes  22.02.2013 22:10:05
AEHELP.DLL     : 8.1.25.2      258423 Bytes  22.10.2012 15:06:50
AEGEN.DLL      : 8.1.6.16      434549 Bytes  25.01.2013 16:46:04
AEEXP.DLL      : 8.4.0.4       188789 Bytes  22.02.2013 22:10:07
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 22:16:43
AECORE.DLL     : 8.1.31.2      201080 Bytes  21.02.2013 19:23:06
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 19:12:05
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:17:00
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 19:14:48
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 17:17:04
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 19:14:47
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 17:17:00
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 17:17:04
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  09.08.2012 07:52:01
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:17:01
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  09.08.2012 07:51:49
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 19:14:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5129e478\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Sonntag, 24. Februar 2013  12:02

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CMUpdater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKPrinterSDK.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKAiOHostService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Lena\AppData\Local\zyqrykuq.exe'
C:\Users\Lena\AppData\Local\zyqrykuq.exe
  [FUND]      Ist das Trojanische Pferd TR/Winwebsec.A.1800
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55ca5ea0.qua' verschoben!


Ende des Suchlaufs: Sonntag, 24. Februar 2013  12:03
Benötigte Zeit: 00:55 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     30 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     29 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         

Edited by Lena_ (27.02.2013 at 02:56)

 
