BKA-Trojaner LOG-AUswertung

Laie88 · 06.08.2011, 20:28

Hallo!
Ich habe seit Mittwoch den BKA-Virus. Nach zahlreichen Versuchen habe ich mit Hilfe einer Rescue-CD alle infizierten Dateien löschen lassen. Da der BKA-Bildschirm aber immer noch nicht weg war und ich nichts am PC machen konnte, habe ich mit Hilfe einer anderen Anleitung (http://www.trojaner-board.de/100309-...geht-mehr.html) eine OTLPE-CD erstellt.
Jetzt bin ich aber an dem Punkt angelangt, wo der Fragende aufgefordert wird, den LOG zu posten und komme daher an dieser Stelle nicht mehr weiter.
Bitte, kann mir irgendwer weiterhelfen???

Hier die Datei:

cosinus · 09.08.2011, 11:57

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0709&m=easynote_tj65
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8c88c6df0000000000000022fa566bfa&tlver=1.4.19.19&affID=17161
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} -  File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Ramona_Kalb_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Ramona_Kalb_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\Ramona_Kalb_ON_C..\Run: [2F7ZUJ7G5IWX6CXEKRQOGCAASI] C:\SystemData\217FA9663DF.exe (Choral Pushy)
O4 - HKU\Ramona_Kalb_ON_C..\Run: [Metropolis]  File not found
O20 - HKU\Ramona_Kalb_ON_C Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.24800707654549337.exe) - C:\Program Files\Mozilla Firefox\0.24800707654549337.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\Mozilla Firefox\0.24800707654549337.exe
C:\SystemData
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Laie88 · 09.08.2011, 13:43

Er funktioniert wieder

Ich freu mich! Vielen vielen Dank!

Im Anhang ist dann die Zip-Datei und die Log-File. Ich hoff, des passt alles so, wie ichs gemacht habe...

Die andern beiden Ordner C_Program Files und C_SystemData waren zu groß zum hinzufügen...

Laie88 · 09.08.2011, 13:55

Sorry, mein Fehler! Habs jetz beim Upload-Channel hochgeladen und es hat funktioniert ^^

Bin ich jetz dann fertig?

cosinus · 09.08.2011, 14:52

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Laie88 · 09.08.2011, 17:45

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

09.08.2011 18:44:39
mbam-log-2011-08-09 (18-44-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 332746
Laufzeit: 52 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\users\ramona kalb\appdata\local\temp\0.010720248489460071.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_otl\movedfiles\08092011_181545\c_program files\mozilla firefox\0.24800707654549337.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Laie88 · 09.08.2011, 18:10

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.08.2011 18:58:17 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Ramona Kalb\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,30% Memory free
6,18 Gb Paging File | 5,03 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,68 Gb Total Space | 68,78 Gb Free Space | 70,41% Space Free | Partition Type: NTFS
Drive E: | 200,41 Gb Total Space | 19,26 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
 
Computer Name: RAMONA | User Name: Ramona Kalb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.09 18:47:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona Kalb\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.25 16:31:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe
PRC - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.02.06 21:58:19 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.08.28 18:20:27 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.04.15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.04.02 08:31:34 | 001,552,497 | ---- | M] (Suyin) -- C:\Programme\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.03.10 00:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.24 08:05:24 | 000,077,824 | R--- | M] () -- C:\Programme\MSI\DigiVox Duo Utilities\AFRCtl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.12.18 10:15:00 | 000,104,960 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.12.18 10:15:00 | 000,072,192 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.12.17 18:12:40 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\MSI\TotalMedia 3.5\TMMonitor.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.09 18:47:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona Kalb\Desktop\OTL.exe
MOD - [2009.04.15 16:18:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll
MOD - [2009.03.01 21:54:46 | 000,040,960 | ---- | M] () -- C:\Programme\VideoWebCamera\Utility.dll
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Norton Internet Security)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.28 18:20:27 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.02 17:43:31 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.18 10:15:00 | 000,104,960 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.08 00:06:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.10 15:01:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.01.23 00:43:54 | 000,052,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.24 08:05:24 | 000,327,296 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0709&m=easynote_tj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=8c88c6df0000000000000022fa566bfa&tlver=1.4.19.19&affID=17161
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=8c88c6df0000000000000022fa566bfa&tlver=1.4.19.19&instlRef=sst&affID=17161&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.13 21:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.25 16:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 16:31:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010.10.18 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.13 21:51:26 | 000,000,000 | ---D | M]
 
[2009.08.02 16:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Extensions
[2011.08.09 14:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions
[2010.10.18 23:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.09.13 23:09:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.13 20:44:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.04 00:52:27 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.03.09 23:12:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com
[2009.12.08 22:31:56 | 000,000,881 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\conduit.xml
[2009.09.01 11:11:04 | 000,001,198 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\gmx-suche.xml
[2011.08.09 14:30:34 | 000,000,950 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-1.xml
[2011.03.09 22:56:33 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-10.xml
[2011.03.10 00:01:40 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-11.xml
[2011.05.05 21:07:02 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-12.xml
[2011.06.25 16:32:10 | 000,000,950 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-13.xml
[2009.11.28 01:42:56 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-2.xml
[2010.01.10 14:04:26 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-3.xml
[2010.02.18 17:34:50 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-4.xml
[2010.03.29 19:31:14 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-5.xml
[2010.09.16 23:49:39 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-6.xml
[2010.10.21 15:14:42 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-7.xml
[2010.10.28 22:37:42 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-8.xml
[2010.12.13 23:07:35 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-9.xml
[2010.09.13 23:09:16 | 000,000,168 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.gif
[2010.09.13 23:09:16 | 000,000,618 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.src
[2010.04.22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.xml
[2011.01.04 00:52:21 | 000,003,915 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\sweetim.xml
[2011.08.09 14:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.13 21:51:26 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.09.05 03:24:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.09.05 12:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.03.18 23:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.10.18 23:44:40 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2011.06.25 16:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 00:30:48 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.06.25 16:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.25 16:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.25 16:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.25 16:31:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.10 00:15:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ramona Kalb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (c:\program files\mozilla firefox\0.24800707654549337.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\Ramona Kalb\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ramona Kalb\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.10 00:15:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.09 18:55:28 | 000,000,000 | R--D | C] -- C:\Users\Ramona Kalb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.08.09 18:47:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ramona Kalb\Desktop\OTL.exe
[2011.08.09 18:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011.08.09 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\AppData\Roaming\Malwarebytes
[2011.08.09 17:50:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.09 17:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.09 17:49:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.09 17:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.09 17:49:18 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ramona Kalb\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 14:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.08.07 05:21:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.07.26 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\Desktop\Bild-Bearbeitung
[2011.07.24 12:37:21 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\Desktop\Player
[2011.07.24 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\Desktop\Musik-Bearbeitung
[2011.07.23 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\Saved Games\Documents\HERMA
[2011.07.23 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\Ramona Kalb\AppData\Local\HERMA
[2011.07.23 11:20:52 | 000,000,000 | ---D | C] -- C:\HERMA
[2010.12.21 17:35:55 | 020,240,744 | ---- | C] (The GIMP Team                                               ) -- C:\Program Files\gimp-2.6.11-i686-setup.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.09 18:56:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011.08.09 18:56:26 | 000,154,421 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.09 18:56:26 | 000,154,421 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.09 18:54:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 18:54:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 18:54:50 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011.08.09 18:54:49 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011.08.09 18:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.09 18:54:41 | 3213,737,984 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.09 18:47:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona Kalb\Desktop\OTL.exe
[2011.08.09 18:24:29 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.09 18:24:29 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.09 18:24:29 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.09 18:24:29 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.09 17:49:34 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ramona Kalb\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 14:34:18 | 002,801,152 | ---- | M] () -- C:\_OTL.exe
[2011.08.05 12:03:40 | 000,383,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.03 11:35:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.26 17:30:54 | 000,078,336 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.14 08:15:43 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\WebReg HP Officejet 4500 G510n-z.job
[2011.07.13 18:43:33 | 509,692,512 | ---- | M] () -- C:\Users\Ramona Kalb\Saved Games\Documents\TempImage.nrg
 
========== Files Created - No Company Name ==========
 
[2011.08.09 14:34:18 | 002,801,152 | ---- | C] () -- C:\_OTL.exe
[2011.08.06 15:04:07 | 3213,737,984 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.14 08:15:43 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\WebReg HP Officejet 4500 G510n-z.job
[2011.07.13 17:39:51 | 509,692,512 | ---- | C] () -- C:\Users\Ramona Kalb\Saved Games\Documents\TempImage.nrg
[2011.04.13 21:45:35 | 000,241,086 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.02.22 00:29:26 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.09.13 13:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\DER KÖNIG DER LÖWEN.ini
[2010.07.23 17:30:04 | 000,000,680 | ---- | C] () -- C:\Users\Ramona Kalb\AppData\Local\d3d9caps.dat
[2010.06.22 19:43:36 | 000,299,008 | ---- | C] () -- C:\Windows\afaunist.exe
[2010.06.22 19:43:36 | 000,001,869 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2010.06.22 19:43:33 | 000,000,224 | R--- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010.02.06 20:04:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.06 20:04:02 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.19 01:20:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.08 16:54:06 | 000,162,371 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.09.05 21:27:00 | 000,147,875 | ---- | C] () -- C:\Windows\hpiins06.dat
[2009.09.05 21:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl06.dat
[2009.08.29 21:51:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.18 09:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.08.02 19:18:00 | 000,078,336 | ---- | C] () -- C:\Users\Ramona Kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.02 17:50:04 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
[2009.08.02 16:43:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.08.02 16:43:35 | 000,008,180 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009.07.13 21:58:18 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.07.13 13:28:28 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.07.13 13:17:47 | 000,154,421 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.13 13:17:15 | 000,154,421 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.03.26 03:15:57 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 03:15:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 03:15:57 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 03:15:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 19:50:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.03.25 18:38:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.25 18:38:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.04 21:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.03.04 21:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.03.04 21:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.03.04 21:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,383,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.11.10 08:08:53 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\com.thumbplay.thumbplaymusic.5761B231E6D57E03ED1458FC63804F45A9FCE021.1
[2011.02.17 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.20 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\FinalMediaPlayer
[2011.02.22 00:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\FreeAudioPack
[2010.12.21 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\gtk-2.0
[2011.03.03 23:36:51 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\ICQ
[2009.08.02 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Packard Bell
[2010.02.06 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\PC Suite
[2011.03.15 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\PriceGong
[2010.02.06 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Samsung
[2009.08.02 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\TuneUp Software
[2009.11.21 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\VSO
[2011.07.08 17:16:08 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.08.09 18:54:49 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2011.08.09 18:54:50 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011.08.09 18:53:47 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.11 16:08:53 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Adobe
[2010.06.22 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\ArcSoft
[2010.11.10 08:08:53 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\com.thumbplay.thumbplaymusic.5761B231E6D57E03ED1458FC63804F45A9FCE021.1
[2010.02.18 16:51:49 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\CyberLink
[2009.11.29 12:41:28 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\DivX
[2011.02.17 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.20 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\FinalMediaPlayer
[2011.02.22 00:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\FreeAudioPack
[2010.12.21 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\gtk-2.0
[2011.04.13 21:54:43 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\HP
[2010.03.21 21:59:22 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\HpUpdate
[2011.03.03 23:36:51 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\ICQ
[2009.08.02 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Identities
[2009.08.02 16:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\InstallShield
[2009.08.02 16:07:56 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Macromedia
[2011.08.09 17:50:24 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Media Center Programs
[2011.04.13 21:12:21 | 000,000,000 | --SD | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Microsoft
[2009.08.02 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla
[2009.08.02 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Nero
[2009.08.02 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Packard Bell
[2010.02.06 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\PC Suite
[2011.03.15 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\PriceGong
[2010.02.06 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Samsung
[2009.08.02 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\TuneUp Software
[2009.11.21 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\VSO
[2010.10.18 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ramona Kalb\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.11.10 08:07:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ramona Kalb\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.06 21:57:37 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Ramona Kalb\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.08.09 14:34:18 | 002,801,152 | ---- | M] () -- C:\_OTL.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >

--- --- ---

cosinus · 09.08.2011, 19:18

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - File not found [Auto | Stopped] --  -- (Norton Internet Security)
[2010.10.18 23:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.09.13 23:09:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.13 20:44:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.04 00:52:27 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.03.09 23:12:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com
[2009.12.08 22:31:56 | 000,000,881 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\conduit.xml
[2009.09.01 11:11:04 | 000,001,198 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\gmx-suche.xml
[2011.08.09 14:30:34 | 000,000,950 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-1.xml
[2011.03.09 22:56:33 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-10.xml
[2011.03.10 00:01:40 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-11.xml
[2011.05.05 21:07:02 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-12.xml
[2011.06.25 16:32:10 | 000,000,950 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-13.xml
[2009.11.28 01:42:56 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-2.xml
[2010.01.10 14:04:26 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-3.xml
[2010.02.18 17:34:50 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-4.xml
[2010.03.29 19:31:14 | 000,000,954 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-5.xml
[2010.09.16 23:49:39 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-6.xml
[2010.10.21 15:14:42 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-7.xml
[2010.10.28 22:37:42 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-8.xml
[2010.12.13 23:07:35 | 000,000,961 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-9.xml
[2010.09.13 23:09:16 | 000,000,168 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.gif
[2010.09.13 23:09:16 | 000,000,618 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.src
[2010.04.22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.xml
[2011.01.04 00:52:21 | 000,003,915 | ---- | M] () -- C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\sweetim.xml
[2010.10.18 23:44:40 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
O20 - HKCU Winlogon: Shell - (c:\program files\mozilla firefox\0.24800707654549337.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Laie88 · 09.08.2011, 21:48

========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\tmp\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\tmp\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\tmp\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\tmp folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\text-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\props folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn\prop-base folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com\.svn folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\mozilla\Firefox\Profiles\j9pwctgf.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\conduit.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Ramona Kalb\AppData\Roaming\Mozilla\Firefox\Profiles\j9pwctgf.default\searchplugins\sweetim.xml moved successfully.
C:\PROGRAM FILES\PRICEGONG\2.1.0\FF\content folder moved successfully.
C:\PROGRAM FILES\PRICEGONG\2.1.0\FF\components folder moved successfully.
C:\PROGRAM FILES\PRICEGONG\2.1.0\FF folder moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:c:\program files\mozilla firefox\0.24800707654549337.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e154265-1f07-11e0-ac33-0022fa566bfa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e154265-1f07-11e0-ac33-0022fa566bfa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e154265-1f07-11e0-ac33-0022fa566bfa}\ not found.
File G:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.divxa32 deleted successfully.
C:\Windows\System32\DivXa32.acm moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.DIV3 deleted successfully.
C:\Windows\System32\DivXc32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.DIV4 deleted successfully.
C:\Windows\System32\DivXc32f.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_224631

Laie88 · 10.08.2011, 08:43

Bin ich jetzt fertig???

cosinus · 10.08.2011, 10:43

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Laie88 · 11.08.2011, 09:21

2011/08/11 10:19:05.0699 4176 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/11 10:19:05.0934 4176 ================================================================================
2011/08/11 10:19:05.0934 4176 SystemInfo:
2011/08/11 10:19:05.0934 4176
2011/08/11 10:19:05.0934 4176 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/11 10:19:05.0934 4176 Product type: Workstation
2011/08/11 10:19:05.0934 4176 ComputerName: RAMONA
2011/08/11 10:19:05.0934 4176 UserName: Ramona Kalb
2011/08/11 10:19:05.0934 4176 Windows directory: C:\Windows
2011/08/11 10:19:05.0934 4176 System windows directory: C:\Windows
2011/08/11 10:19:05.0934 4176 Processor architecture: Intel x86
2011/08/11 10:19:05.0934 4176 Number of processors: 2
2011/08/11 10:19:05.0934 4176 Page size: 0x1000
2011/08/11 10:19:05.0934 4176 Boot type: Normal boot
2011/08/11 10:19:05.0934 4176 ================================================================================
2011/08/11 10:19:06.0349 4176 Initialize success
2011/08/11 10:19:08.0511 4944 ================================================================================
2011/08/11 10:19:08.0512 4944 Scan started
2011/08/11 10:19:08.0512 4944 Mode: Manual;
2011/08/11 10:19:08.0512 4944 ================================================================================
2011/08/11 10:19:09.0643 4944 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/08/11 10:19:09.0706 4944 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/11 10:19:09.0751 4944 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/11 10:19:09.0864 4944 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/11 10:19:09.0905 4944 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/11 10:19:10.0048 4944 AF15BDA (6e1cc5aa9817cd13fbceb35dac0a77f7) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/08/11 10:19:10.0170 4944 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/08/11 10:19:10.0242 4944 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/08/11 10:19:10.0357 4944 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/11 10:19:10.0444 4944 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/11 10:19:10.0535 4944 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/11 10:19:10.0591 4944 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/11 10:19:10.0613 4944 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/11 10:19:10.0634 4944 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/11 10:19:10.0676 4944 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/11 10:19:10.0716 4944 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/11 10:19:10.0738 4944 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/11 10:19:10.0863 4944 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/11 10:19:10.0898 4944 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/08/11 10:19:11.0009 4944 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/11 10:19:11.0100 4944 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/11 10:19:11.0166 4944 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/11 10:19:11.0254 4944 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/11 10:19:11.0339 4944 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/11 10:19:11.0389 4944 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/11 10:19:11.0478 4944 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/11 10:19:11.0515 4944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/11 10:19:11.0641 4944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/11 10:19:11.0674 4944 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/11 10:19:11.0711 4944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/11 10:19:11.0743 4944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/11 10:19:11.0779 4944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/11 10:19:11.0886 4944 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/11 10:19:11.0935 4944 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/11 10:19:11.0980 4944 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/11 10:19:12.0085 4944 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/11 10:19:12.0159 4944 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/08/11 10:19:12.0311 4944 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/11 10:19:12.0342 4944 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/11 10:19:12.0408 4944 CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
2011/08/11 10:19:12.0534 4944 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/11 10:19:12.0585 4944 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/11 10:19:12.0627 4944 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/11 10:19:12.0723 4944 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/08/11 10:19:12.0838 4944 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/11 10:19:12.0920 4944 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/08/11 10:19:13.0039 4944 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/11 10:19:13.0177 4944 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/11 10:19:13.0204 4944 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/11 10:19:13.0250 4944 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/11 10:19:13.0391 4944 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/11 10:19:13.0507 4944 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/11 10:19:13.0591 4944 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/08/11 10:19:13.0733 4944 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/11 10:19:13.0966 4944 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/11 10:19:14.0110 4944 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/08/11 10:19:14.0191 4944 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/08/11 10:19:14.0360 4944 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/11 10:19:14.0561 4944 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/11 10:19:14.0740 4944 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/11 10:19:14.0854 4944 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/11 10:19:14.0905 4944 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/08/11 10:19:15.0102 4944 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2011/08/11 10:19:15.0224 4944 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/11 10:19:15.0342 4944 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/11 10:19:15.0627 4944 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/11 10:19:15.0762 4944 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/11 10:19:15.0777 4944 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/11 10:19:15.0793 4944 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/11 10:19:15.0962 4944 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/11 10:19:16.0121 4944 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/11 10:19:16.0322 4944 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\Windows\system32\DRIVERS\HPZid412.sys
2011/08/11 10:19:16.0418 4944 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\Windows\system32\DRIVERS\HPZipr12.sys
2011/08/11 10:19:16.0578 4944 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
2011/08/11 10:19:16.0669 4944 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/11 10:19:16.0835 4944 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/11 10:19:17.0007 4944 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/08/11 10:19:17.0094 4944 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/11 10:19:17.0212 4944 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/11 10:19:17.0276 4944 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/11 10:19:17.0319 4944 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/11 10:19:17.0496 4944 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/11 10:19:17.0530 4944 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/11 10:19:17.0570 4944 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/11 10:19:17.0723 4944 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/11 10:19:17.0915 4944 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/11 10:19:17.0965 4944 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/11 10:19:18.0004 4944 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/08/11 10:19:18.0117 4944 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/11 10:19:18.0239 4944 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/11 10:19:18.0331 4944 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/11 10:19:18.0420 4944 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/11 10:19:18.0436 4944 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/11 10:19:18.0542 4944 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/08/11 10:19:18.0706 4944 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/11 10:19:18.0755 4944 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/11 10:19:18.0835 4944 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/11 10:19:19.0007 4944 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/11 10:19:19.0065 4944 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/11 10:19:19.0079 4944 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/11 10:19:19.0195 4944 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/11 10:19:19.0237 4944 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/11 10:19:19.0369 4944 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/11 10:19:19.0573 4944 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/08/11 10:19:19.0776 4944 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/11 10:19:19.0859 4944 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/11 10:19:19.0947 4944 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/11 10:19:20.0022 4944 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/11 10:19:20.0044 4944 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/11 10:19:20.0072 4944 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/11 10:19:20.0193 4944 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/11 10:19:20.0302 4944 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/11 10:19:20.0489 4944 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/11 10:19:20.0559 4944 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/11 10:19:20.0691 4944 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/08/11 10:19:20.0848 4944 mrxsmb (66592e91051728c3571b0d77175686ab) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/11 10:19:20.0885 4944 mrxsmb10 (aa9496b3b8f1d3cb2d2a731ba05464e0) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/11 10:19:20.0932 4944 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/11 10:19:21.0375 4944 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/08/11 10:19:21.0417 4944 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/11 10:19:21.0443 4944 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/11 10:19:21.0534 4944 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/11 10:19:21.0592 4944 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/11 10:19:21.0625 4944 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/11 10:19:21.0662 4944 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/11 10:19:21.0766 4944 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/08/11 10:19:21.0857 4944 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/11 10:19:21.0998 4944 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/11 10:19:22.0151 4944 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/08/11 10:19:22.0286 4944 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/11 10:19:22.0527 4944 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/08/11 10:19:22.0564 4944 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/11 10:19:22.0649 4944 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/11 10:19:22.0684 4944 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/11 10:19:22.0726 4944 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/11 10:19:22.0840 4944 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/11 10:19:22.0857 4944 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/11 10:19:23.0059 4944 NETw5v32 (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/08/11 10:19:23.0265 4944 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/11 10:19:23.0320 4944 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/08/11 10:19:23.0336 4944 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/08/11 10:19:23.0371 4944 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/11 10:19:23.0482 4944 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/08/11 10:19:23.0610 4944 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/08/11 10:19:23.0696 4944 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/11 10:19:23.0778 4944 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/11 10:19:23.0871 4944 NVHDA (5942c96a3ac3029490961949f9009344) C:\Windows\system32\drivers\nvhda32v.sys
2011/08/11 10:19:24.0170 4944 nvlddmkm (7faa756fefdd371745c88f8ae3141f0f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/11 10:19:24.0902 4944 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/11 10:19:24.0920 4944 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/11 10:19:27.0918 4944 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/11 10:19:28.0134 4944 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/11 10:19:28.0186 4944 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/11 10:19:28.0219 4944 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/08/11 10:19:28.0295 4944 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/11 10:19:28.0354 4944 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/08/11 10:19:28.0400 4944 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/08/11 10:19:28.0491 4944 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/11 10:19:28.0534 4944 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/11 10:19:28.0613 4944 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/11 10:19:28.0759 4944 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/11 10:19:28.0809 4944 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/11 10:19:28.0908 4944 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/11 10:19:28.0965 4944 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/11 10:19:29.0034 4944 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/11 10:19:29.0154 4944 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/11 10:19:29.0222 4944 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/11 10:19:29.0242 4944 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/11 10:19:29.0286 4944 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/11 10:19:29.0377 4944 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/11 10:19:29.0428 4944 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/11 10:19:29.0480 4944 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/11 10:19:29.0522 4944 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/11 10:19:29.0644 4944 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/11 10:19:29.0674 4944 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/11 10:19:29.0697 4944 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/08/11 10:19:29.0770 4944 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/11 10:19:29.0850 4944 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
2011/08/11 10:19:29.0920 4944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/11 10:19:30.0037 4944 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/11 10:19:30.0107 4944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/11 10:19:30.0134 4944 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/11 10:19:30.0165 4944 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/11 10:19:30.0235 4944 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/11 10:19:30.0309 4944 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/11 10:19:30.0337 4944 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/11 10:19:30.0354 4944 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/11 10:19:30.0370 4944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/11 10:19:30.0397 4944 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/11 10:19:30.0426 4944 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/11 10:19:30.0441 4944 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/11 10:19:30.0534 4944 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/08/11 10:19:30.0582 4944 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/11 10:19:30.0693 4944 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/08/11 10:19:30.0782 4944 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/11 10:19:30.0837 4944 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/11 10:19:30.0970 4944 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/11 10:19:31.0058 4944 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys
2011/08/11 10:19:31.0196 4944 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2011/08/11 10:19:31.0282 4944 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2011/08/11 10:19:31.0374 4944 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/11 10:19:31.0448 4944 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/11 10:19:31.0583 4944 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/11 10:19:31.0635 4944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/11 10:19:31.0751 4944 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/11 10:19:31.0819 4944 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/11 10:19:31.0976 4944 Tcpip (1acbb7a47e78f4cc82d2effb72901528) C:\Windows\system32\drivers\tcpip.sys
2011/08/11 10:19:32.0143 4944 Tcpip6 (1acbb7a47e78f4cc82d2effb72901528) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/11 10:19:32.0257 4944 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/11 10:19:32.0342 4944 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/11 10:19:32.0361 4944 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/11 10:19:32.0394 4944 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/11 10:19:32.0522 4944 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/11 10:19:32.0580 4944 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/11 10:19:32.0609 4944 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/11 10:19:32.0641 4944 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/11 10:19:32.0674 4944 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/11 10:19:32.0791 4944 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/08/11 10:19:32.0855 4944 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/11 10:19:32.0925 4944 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/11 10:19:33.0025 4944 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/11 10:19:33.0064 4944 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/11 10:19:33.0111 4944 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/11 10:19:33.0226 4944 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/11 10:19:33.0291 4944 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/11 10:19:33.0328 4944 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/11 10:19:33.0444 4944 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/11 10:19:33.0509 4944 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/11 10:19:33.0599 4944 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/11 10:19:33.0677 4944 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/11 10:19:33.0730 4944 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/11 10:19:33.0816 4944 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/11 10:19:33.0883 4944 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/11 10:19:33.0950 4944 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/11 10:19:34.0035 4944 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/11 10:19:34.0143 4944 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/11 10:19:34.0160 4944 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/11 10:19:34.0221 4944 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/11 10:19:34.0304 4944 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/11 10:19:34.0367 4944 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/08/11 10:19:34.0395 4944 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/08/11 10:19:34.0437 4944 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/11 10:19:34.0570 4944 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/11 10:19:34.0624 4944 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/11 10:19:34.0638 4944 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/11 10:19:34.0784 4944 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/11 10:19:34.0867 4944 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/11 10:19:35.0033 4944 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/08/11 10:19:35.0193 4944 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/11 10:19:35.0259 4944 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/11 10:19:35.0349 4944 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/11 10:19:35.0399 4944 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
2011/08/11 10:19:35.0561 4944 Boot (0x1200) (a5de3ddf6a56476fa046ceca8531c91b) \Device\Harddisk0\DR0\Partition0
2011/08/11 10:19:35.0592 4944 Boot (0x1200) (aaada394b7f084f3489f08d7d3f26e9e) \Device\Harddisk0\DR0\Partition1
2011/08/11 10:19:35.0597 4944 ================================================================================
2011/08/11 10:19:35.0597 4944 Scan finished
2011/08/11 10:19:35.0597 4944 ================================================================================
2011/08/11 10:19:35.0610 4336 Detected object count: 0
2011/08/11 10:19:35.0610 4336 Actual detected object count: 0

BKA-Trojaner LOG-AUswertung

Log-Analyse und Auswertung: BKA-Trojaner LOG-AUswertung