Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner)

FroBro · 07.10.2011, 12:51

Ich habe folgendes Problem, ich habe den PC einer Bekannten bekommen, bei der alle Dateien wie Musik und wichtige Bilder nicht mehr auffindbar sind, nun wäre meine Frage ob diese noch zu retten sind und wenn ja, ob mir jemand helfen kann diese zu retten.

Das Problem ist aufgetreten nachdem AVG Anti-Virus Free Edition scan einen Trojaner gefunden.

Hier das AVG Virenquarantäne Protokoll:

"Warnung";"Registrierungsschlüssel mit Verweis auf die infizierte Datei C:\Users\Hazel\AppData\Roaming\Fatef\ivvea.exe gefunden";"HKU\S-1-5-21-4036628912-742717397-2109070340-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{63E33355-1A8C-0E2A-40C0-137CA841AE30}";"Nicht verfügbar";"03.10.2011, 16:44:51"
"Infektion";"Trojaner: PSW.Generic9.DXX";"c:\Users\Hazel\AppData\Roaming\Fatef\ivvea.exe";"Nicht verfügbar";"03.10.2011, 16:44:51"
"Infektion";"Luhe.Fiha.A gefunden";"C:\ProgramData\6DSS92c31Apgjk.exe";"Nicht verfügbar";"03.10.2011, 17:16:00"
"Infektion";"Trojaner: Generic25.NVJ";"C:\Users\Hazel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIRXCMW9\info[1].exe";"Nicht verfügbar";"05.10.2011, 12:48:18"
"Warnung";"Tracking cookie.Yieldmanager gefunden";"C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@ad.yieldmanager[1].txt";"Nicht verfügbar";"05.10.2011, 12:55:04"
"Warnung";"Tracking cookie.Ivwbox gefunden";"C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@ivwbox[1].txt";"Nicht verfügbar";"05.10.2011, 12:55:05"
"Warnung";"Tracking cookie.Tradedoubler gefunden";"C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@tradedoubler[2].txt";"Nicht verfügbar";"05.10.2011, 12:55:06"
"Warnung";"Tracking cookie.2o7 gefunden";"C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\cookies.sqlite";"Nicht verfügbar";"05.10.2011, 12:55:10"
"Malware";"Trojan.FakeAlert";"C:\PROGRAMDATA\HIFSRWIHFDMCY.EXE";"Nicht verfügbar";"03.10.2011, 16:41:00"

Vielen Dank schon einmal, falls ich irgendetwas vergessen habe, was essentiell zu erwähnen wäre, tut mir das Leid. Ich bin ein absoluter Newbie in Sachen Forum.

cosinus · 07.10.2011, 16:35

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

FroBro · 07.10.2011, 21:36

Erstmal vielen Dank für die prompte Antwort...Hier das Log-Protokoll von Malwarebytes, ESET Scan mache ich jetzt gleich und poste es dann.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7895

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

07.10.2011 22:32:13
mbam-log-2011-10-07 (22-32-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 298944
Laufzeit: 2 Stunde(n), 13 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{63E33355-1A8C-0E2A-40C0-137CA841AE30} (Trojan.ZbotR.Gen) -> Value: {63E33355-1A8C-0E2A-40C0-137CA841AE30} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Hazel\AppData\Local\Temp\1F8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Hazel\AppData\Local\Temp\w32tm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Lieben Gruß und Danke, Pablo

FroBro · 08.10.2011, 08:29

Hier die Eset-Logdatei:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6f4f250214d1fa4daa202f5fb853b7ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-07 10:51:18
# local_time=2011-10-08 12:51:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 367781 367781 0 0
# compatibility_mode=5892 16776574 100 100 367535 155552982 0 0
# compatibility_mode=8192 67108863 100 0 358 358 0 0
# scanned=145999
# found=0
# cleaned=0
# scan_time=7624

Beste Grüße Pablo

cosinus · 08.10.2011, 16:40

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

FroBro · 08.10.2011, 18:02

Nein, ich habe es erst gestern installiert, daher ist dies die einzige Logdatei.
Es sind nur zwei protection log.txt dateien...aber die meinst du nicht nicht, oder?

cosinus · 08.10.2011, 18:06

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

FroBro · 08.10.2011, 19:41

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.10.2011 19:43:44 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Hazel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,85% Memory free
6,18 Gb Paging File | 4,92 Gb Available in Paging File | 79,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 67,34 Gb Free Space | 46,74% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,90 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: HAZEL-PC | User Name: Hazel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.08 19:41:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hazel\Desktop\OTL.exe
PRC - [2011.09.23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.09.13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Pablo\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.04.05 02:35:43 | 000,119,608 | -H-- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.31 11:43:46 | 000,241,664 | -H-- | M] () -- C:\Stick1&1\Join Air\AssistantServices.exe
PRC - [2009.08.31 11:43:14 | 000,132,608 | -H-- | M] () -- C:\Stick1&1\Join Air\UIExec.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.26 02:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.31 11:43:14 | 000,132,608 | -H-- | M] () -- C:\Stick1&1\Join Air\UIExec.exe
MOD - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
MOD - [2007.08.14 06:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 06:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 06:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.31 11:43:46 | 000,241,664 | -H-- | M] () [Auto | Running] -- C:\Stick1&1\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.04.22 17:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.02.02 19:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.02.02 19:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.02.02 19:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.11.07 02:19:36 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wer-kennt-wen.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f06d7d01-7b2e-40d0-a305-52086df73e0a&apn_ptnrs=^AAA&apn_sauid=3E7BC5DB-0811-4419-9496-0E1CBD98A9C8&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.10.05 19:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.04 21:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2009.09.11 09:26:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Hazel\AppData\Roaming\mozilla\Extensions
[2011.09.28 17:09:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions
[2010.04.29 20:37:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.28 17:09:52 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.18 10:41:24 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.19 18:05:16 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com
[2011.10.04 13:31:25 | 000,002,341 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom-1.xml
[2011.10.03 02:53:09 | 000,002,404 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom.xml
[2011.10.04 21:21:40 | 000,002,342 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search-1.xml
[2009.12.20 00:11:03 | 000,000,694 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search.xml
[2010.02.21 02:48:53 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-1.xml
[2010.12.13 23:34:04 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-10.xml
[2011.03.02 21:45:45 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-11.xml
[2011.03.06 15:24:51 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-12.xml
[2011.03.25 21:59:28 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-13.xml
[2011.04.05 03:03:18 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-14.xml
[2011.06.23 22:59:55 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-15.xml
[2011.06.23 23:10:39 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-16.xml
[2011.07.31 01:36:09 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-17.xml
[2011.09.05 05:03:20 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-18.xml
[2011.09.11 13:27:55 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-19.xml
[2010.04.03 01:05:13 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-2.xml
[2011.09.30 19:03:08 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-20.xml
[2010.06.24 16:47:07 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-3.xml
[2010.07.24 19:10:21 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-4.xml
[2010.09.10 01:38:12 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-5.xml
[2010.09.19 12:43:00 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-6.xml
[2010.10.15 01:34:26 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-7.xml
[2010.10.21 18:15:30 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-8.xml
[2010.10.31 00:49:57 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-9.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.xml
[2011.06.23 23:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.27 00:08:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.05 19:38:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011.10.04 21:20:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 21:20:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 21:20:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 21:20:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 21:20:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 21:20:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 21:20:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Stick1&1\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCEE5CD-82F1-4942-909C-18AD52CC92F2}: DhcpNameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7525F760-1066-4213-BD4E-9937A59A7877}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0234B27-9586-40C8-8D06-BFC27799642B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5EB8BC2-4B11-4749-B5C8-436E26960095}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\Shell - "" = AutoRun
O33 - MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.08 19:41:38 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Hazel\Desktop\OTL.exe
[2011.10.07 22:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.07 20:12:55 | 000,000,000 | ---D | C] -- C:\Users\Hazel\AppData\Roaming\Malwarebytes
[2011.10.07 20:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.07 20:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.07 20:12:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.07 20:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pablo
[2011.10.05 19:37:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.04 21:26:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.10.03 16:44:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.10.03 16:40:38 | 000,000,000 | ---D | C] -- C:\Users\Hazel\AppData\Roaming\AVG2012
[2011.10.03 16:38:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.10.03 16:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.10.03 16:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.10.03 16:35:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.10.03 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.10.03 16:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.10.03 15:15:18 | 000,000,000 | -H-D | C] -- C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
[2011.09.13 06:30:10 | 000,032,592 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.08 19:41:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hazel\Desktop\OTL.exe
[2011.10.08 19:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.08 15:41:00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.08 15:41:00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.07 22:32:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\uhhnxeke.sys
[2011.10.07 20:12:48 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.07 20:02:55 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.07 16:27:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.10.07 13:50:00 | 106,040,092 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.10.05 19:38:12 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.10.03 16:17:04 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.10.03 15:18:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.03 15:16:29 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.03 15:16:29 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.03 15:15:19 | 000,000,605 | -H-- | M] () -- C:\Users\Hazel\Desktop\Data Restore.lnk
[2011.10.03 15:14:20 | 000,083,371 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.09.19 11:16:12 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.19 11:16:12 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.19 11:16:12 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.19 11:16:12 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.15 22:44:08 | 000,001,136 | -H-- | M] () -- C:\Users\Hazel\Desktop\Free 3GP Video Converter.lnk
[2011.09.15 22:44:08 | 000,001,032 | -H-- | M] () -- C:\Users\Hazel\Desktop\DVDVideoSoft Free Studio.lnk
[2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
 
========== Files Created - No Company Name ==========
 
[2011.10.07 22:32:52 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uhhnxeke.sys
[2011.10.07 20:12:48 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.07 13:50:00 | 106,040,092 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.10.03 16:37:48 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.10.03 16:17:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.03 15:16:29 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.03 15:16:29 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.03 15:15:19 | 000,000,605 | -H-- | C] () -- C:\Users\Hazel\Desktop\Data Restore.lnk
[2011.10.03 15:15:02 | 000,000,448 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.15 22:44:08 | 000,001,136 | -H-- | C] () -- C:\Users\Hazel\Desktop\Free 3GP Video Converter.lnk
[2011.04.05 05:12:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.22 02:14:03 | 000,000,680 | -H-- | C] () -- C:\Users\Hazel\AppData\Local\d3d9caps.dat
[2009.08.20 01:48:28 | 000,051,200 | -H-- | C] () -- C:\Users\Hazel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.27 02:02:37 | 000,083,371 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.03.27 02:02:32 | 000,083,371 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.07 19:01:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.07 02:49:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.07 02:49:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.07 02:40:10 | 000,004,222 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.11.07 02:36:28 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.11.07 02:36:09 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.11.07 02:36:09 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.11.07 02:15:28 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.11.07 02:15:28 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008.11.07 02:13:53 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.11.07 02:10:17 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.11.07 02:10:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.11.06 10:25:31 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.11.06 10:25:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.11.06 10:25:31 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.11.06 10:25:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.11.06 10:16:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,376,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.10 19:27:33 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\AliceHilfe
[2011.10.03 16:40:38 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\AVG2012
[2011.09.15 22:44:05 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\DVDVideoSoft
[2011.07.29 13:09:26 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.03 13:48:41 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Ewaks
[2011.10.03 16:44:51 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Fatef
[2011.10.04 21:20:17 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\ICQ
[2011.10.07 16:27:14 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.27 01:25:45 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Adobe
[2009.09.10 19:27:33 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\AliceHilfe
[2011.10.03 16:40:38 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\AVG2012
[2010.04.01 18:51:35 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\CyberLink
[2011.04.21 00:49:07 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\dvdcss
[2011.09.15 22:44:05 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\DVDVideoSoft
[2011.07.29 13:09:26 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.03 13:48:41 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Ewaks
[2011.10.03 16:44:51 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Fatef
[2011.10.04 21:20:17 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\ICQ
[2009.08.18 18:12:10 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Identities
[2011.01.04 20:15:46 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Intel
[2009.09.14 14:24:27 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Macromedia
[2011.10.07 20:12:55 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Media Center Programs
[2011.04.16 00:52:30 | 000,000,000 | --SD | M] -- C:\Users\Hazel\AppData\Roaming\Microsoft
[2009.09.11 09:26:03 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Mozilla
[2011.09.18 17:20:28 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.09.12 18:49:13 | 003,623,592 | -H-- | M] (Ask) -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.22 08:33:26 | 000,396,312 | ---- | M] (Intel Corporation) MD5=5C62352AFF7F1FB36B2C19329F7C949D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Hazel\Documents\MM One - Eiskalt.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Hazel\Desktop\MM One - Eiskalt.mp4:TOC.WMV

< End of report >

--- --- ---

cosinus · 09.10.2011, 16:45

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f06d7d01-7b2e-40d0-a305-52086df73e0a&apn_ptnrs=^AAA&apn_sauid=3E7BC5DB-0811-4419-9496-0E1CBD98A9C8&apn_dtid=^YYYYYY^YY^DE&&q="
[2011.09.28 17:09:52 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.19 18:05:16 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com
[2011.10.04 13:31:25 | 000,002,341 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom-1.xml
[2011.10.03 02:53:09 | 000,002,404 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom.xml
[2011.10.04 21:21:40 | 000,002,342 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search-1.xml
[2009.12.20 00:11:03 | 000,000,694 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search.xml
[2010.02.21 02:48:53 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-1.xml
[2010.12.13 23:34:04 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-10.xml
[2011.03.02 21:45:45 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-11.xml
[2011.03.06 15:24:51 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-12.xml
[2011.03.25 21:59:28 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-13.xml
[2011.04.05 03:03:18 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-14.xml
[2011.06.23 22:59:55 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-15.xml
[2011.06.23 23:10:39 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-16.xml
[2011.07.31 01:36:09 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-17.xml
[2011.09.05 05:03:20 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-18.xml
[2011.09.11 13:27:55 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-19.xml
[2010.04.03 01:05:13 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-2.xml
[2011.09.30 19:03:08 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-20.xml
[2010.06.24 16:47:07 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-3.xml
[2010.07.24 19:10:21 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-4.xml
[2010.09.10 01:38:12 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-5.xml
[2010.09.19 12:43:00 | 000,000,961 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-6.xml
[2010.10.15 01:34:26 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-7.xml
[2010.10.21 18:15:30 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-8.xml
[2010.10.31 00:49:57 | 000,000,950 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-9.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.xml
[2009.11.27 00:08:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\Shell - "" = AutoRun
O33 - MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
Drivers32: VIDC.I420 - MSh263.drv File not found
[2011.10.03 15:18:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.03 15:16:29 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.03 15:16:29 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.03 15:15:19 | 000,000,605 | -H-- | M] () -- C:\Users\Hazel\Desktop\Data Restore.lnk
[2011.10.07 22:32:52 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uhhnxeke.sys
[2011.09.03 13:48:41 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Ewaks
[2011.10.03 16:44:51 | 000,000,000 | -H-D | M] -- C:\Users\Hazel\AppData\Roaming\Fatef
[2011.09.12 18:49:13 | 003,623,592 | -H-- | M] (Ask) -- C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
:Files
C:\Programme\Ask.com
C:\Program Files\Ask.com
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

FroBro · 09.10.2011, 19:42

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f06d7d01-7b2e-40d0-a305-52086df73e0a&apn_ptnrs=^AAA&apn_sauid=3E7BC5DB-0811-4419-9496-0E1CBD98A9C8&apn_dtid=^YYYYYY^YY^DE&&q=" removed from keyword.URL
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-01-24-14-GMT folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Jul-2011-23-36-11-GMT folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-19-Sep-2011-16-05-18-GMT folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-05-Sep-2011-15-11-05-GMT folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom-1.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\askcom.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search-1.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icq-search.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f6359b6-975e-11e0-ae38-cc85c40b8cd1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f6359b7-975e-11e0-ae38-cc85c40b8cd1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b635f8e-9752-11e0-99ee-a906fab77dd0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b635f9a-9752-11e0-99ee-a906fab77dd0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e38768-6a88-11e0-9e94-babd12ad8389}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e38768-6a88-11e0-9e94-babd12ad8389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e38768-6a88-11e0-9e94-babd12ad8389}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.I420 deleted successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\Users\Hazel\Desktop\Data Restore.lnk moved successfully.
File C:\Windows\System32\drivers\uhhnxeke.sys not found.
C:\Users\Hazel\AppData\Roaming\Ewaks folder moved successfully.
C:\Users\Hazel\AppData\Roaming\Fatef folder moved successfully.
File C:\Users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe not found.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hazel
->Temp folder emptied: 323867618 bytes
->Temporary Internet Files folder emptied: 84549031 bytes
->FireFox cache emptied: 249788417 bytes
->Flash cache emptied: 44309 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88366091 bytes
RecycleBin emptied: 2517822155 bytes

Total Files Cleaned = 3.113,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10092011_203342

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 10.10.2011, 12:16

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

FroBro · 10.10.2011, 17:04

18:02:32.0913 0504 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
18:02:33.0163 0504 ============================================================
18:02:33.0163 0504 Current date / time: 2011/10/10 18:02:33.0163
18:02:33.0163 0504 SystemInfo:
18:02:33.0163 0504
18:02:33.0163 0504 OS Version: 6.0.6001 ServicePack: 1.0
18:02:33.0163 0504 Product type: Workstation
18:02:33.0163 0504 ComputerName: HAZEL-PC
18:02:33.0163 0504 UserName: Hazel
18:02:33.0163 0504 Windows directory: C:\Windows
18:02:33.0163 0504 System windows directory: C:\Windows
18:02:33.0163 0504 Processor architecture: Intel x86
18:02:33.0163 0504 Number of processors: 2
18:02:33.0163 0504 Page size: 0x1000
18:02:33.0163 0504 Boot type: Normal boot
18:02:33.0163 0504 ============================================================
18:02:33.0974 0504 Initialize success
18:03:02.0974 5452 ============================================================
18:03:02.0974 5452 Scan started
18:03:02.0974 5452 Mode: Manual; SigCheck; TDLFS;
18:03:02.0974 5452 ============================================================
18:03:03.0848 5452 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:03:04.0051 5452 ACPI - ok
18:03:04.0768 5452 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:03:04.0846 5452 adp94xx - ok
18:03:05.0377 5452 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:03:05.0392 5452 adpahci - ok
18:03:05.0548 5452 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:03:05.0579 5452 adpu160m - ok
18:03:05.0689 5452 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:03:05.0704 5452 adpu320 - ok
18:03:05.0923 5452 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
18:03:06.0001 5452 AFD - ok
18:03:06.0250 5452 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:03:06.0437 5452 AgereSoftModem - ok
18:03:06.0781 5452 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:03:06.0796 5452 agp440 - ok
18:03:06.0968 5452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:03:06.0983 5452 aic78xx - ok
18:03:07.0046 5452 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:03:07.0061 5452 aliide - ok
18:03:07.0373 5452 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:03:07.0389 5452 amdagp - ok
18:03:07.0436 5452 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:03:07.0451 5452 amdide - ok
18:03:07.0654 5452 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:03:07.0779 5452 AmdK7 - ok
18:03:08.0294 5452 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:03:08.0403 5452 AmdK8 - ok
18:03:08.0590 5452 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:03:08.0606 5452 arc - ok
18:03:08.0715 5452 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:03:08.0731 5452 arcsas - ok
18:03:08.0840 5452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:03:08.0918 5452 AsyncMac - ok
18:03:08.0980 5452 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:03:08.0980 5452 atapi - ok
18:03:09.0183 5452 athr (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys
18:03:09.0277 5452 athr - ok
18:03:09.0479 5452 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:03:09.0745 5452 AVGIDSDriver - ok
18:03:09.0838 5452 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:03:09.0838 5452 AVGIDSEH - ok
18:03:09.0901 5452 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:03:09.0901 5452 AVGIDSFilter - ok
18:03:10.0025 5452 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
18:03:10.0025 5452 AVGIDSShim - ok
18:03:10.0150 5452 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
18:03:10.0166 5452 Avgldx86 - ok
18:03:10.0306 5452 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
18:03:10.0306 5452 Avgmfx86 - ok
18:03:10.0431 5452 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
18:03:10.0447 5452 Avgrkx86 - ok
18:03:10.0712 5452 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
18:03:10.0727 5452 Avgtdix - ok
18:03:10.0961 5452 AVMUNET (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys
18:03:11.0164 5452 AVMUNET - ok
18:03:11.0320 5452 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
18:03:11.0601 5452 bcm4sbxp - ok
18:03:11.0960 5452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:03:12.0100 5452 Beep - ok
18:03:12.0163 5452 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:03:12.0225 5452 blbdrive - ok
18:03:12.0287 5452 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
18:03:12.0334 5452 bowser - ok
18:03:12.0459 5452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:03:12.0599 5452 BrFiltLo - ok
18:03:12.0693 5452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:03:12.0755 5452 BrFiltUp - ok
18:03:12.0896 5452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:03:12.0974 5452 Brserid - ok
18:03:13.0052 5452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:03:13.0145 5452 BrSerWdm - ok
18:03:13.0239 5452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:03:13.0348 5452 BrUsbMdm - ok
18:03:13.0426 5452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:03:13.0489 5452 BrUsbSer - ok
18:03:13.0551 5452 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
18:03:13.0598 5452 BthEnum - ok
18:03:13.0738 5452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:03:13.0801 5452 BTHMODEM - ok
18:03:13.0832 5452 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:03:13.0879 5452 BthPan - ok
18:03:13.0941 5452 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
18:03:13.0988 5452 BTHPORT - ok
18:03:14.0035 5452 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
18:03:14.0097 5452 BTHUSB - ok
18:03:14.0191 5452 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
18:03:14.0206 5452 btwaudio - ok
18:03:14.0253 5452 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
18:03:14.0269 5452 btwavdt - ok
18:03:14.0300 5452 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
18:03:14.0315 5452 btwrchid - ok
18:03:14.0378 5452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:03:14.0471 5452 cdfs - ok
18:03:14.0549 5452 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:03:14.0612 5452 cdrom - ok
18:03:14.0690 5452 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:03:14.0768 5452 circlass - ok
18:03:14.0846 5452 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:03:14.0893 5452 CLFS - ok
18:03:14.0971 5452 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:03:15.0033 5452 CmBatt - ok
18:03:15.0080 5452 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:03:15.0095 5452 cmdide - ok
18:03:15.0142 5452 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:03:15.0158 5452 Compbatt - ok
18:03:15.0173 5452 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:03:15.0189 5452 crcdisk - ok
18:03:15.0236 5452 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:03:15.0283 5452 Crusoe - ok
18:03:15.0376 5452 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
18:03:15.0454 5452 DfsC - ok
18:03:15.0563 5452 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:03:15.0579 5452 disk - ok
18:03:15.0641 5452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:03:15.0688 5452 drmkaud - ok
18:03:16.0016 5452 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:03:16.0109 5452 DXGKrnl - ok
18:03:16.0219 5452 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:03:16.0297 5452 E1G60 - ok
18:03:16.0359 5452 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:03:16.0375 5452 Ecache - ok
18:03:16.0468 5452 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:03:16.0499 5452 elxstor - ok
18:03:16.0577 5452 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:03:16.0655 5452 ErrDev - ok
18:03:16.0796 5452 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
18:03:16.0874 5452 exfat - ok
18:03:16.0952 5452 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
18:03:17.0030 5452 fastfat - ok
18:03:17.0155 5452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:03:17.0201 5452 fdc - ok
18:03:17.0248 5452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:03:17.0264 5452 FileInfo - ok
18:03:17.0295 5452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:03:17.0342 5452 Filetrace - ok
18:03:17.0373 5452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:03:17.0435 5452 flpydisk - ok
18:03:17.0482 5452 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
18:03:17.0498 5452 FltMgr - ok
18:03:17.0545 5452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:03:17.0623 5452 Fs_Rec - ok
18:03:17.0654 5452 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:03:17.0669 5452 gagp30kx - ok
18:03:17.0716 5452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:03:17.0810 5452 HdAudAddService - ok
18:03:17.0872 5452 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:03:17.0966 5452 HDAudBus - ok
18:03:18.0028 5452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:03:18.0122 5452 HidBth - ok
18:03:18.0184 5452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:03:18.0247 5452 HidIr - ok
18:03:18.0356 5452 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:03:18.0465 5452 HidUsb - ok
18:03:18.0668 5452 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:03:18.0683 5452 HpCISSs - ok
18:03:18.0839 5452 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
18:03:18.0917 5452 HTTP - ok
18:03:19.0058 5452 hwdatacard (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:03:19.0136 5452 hwdatacard - ok
18:03:19.0245 5452 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:03:19.0307 5452 i2omp - ok
18:03:19.0370 5452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:03:19.0448 5452 i8042prt - ok
18:03:19.0604 5452 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:03:19.0853 5452 ialm - ok
18:03:19.0916 5452 iaNvStor (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
18:03:19.0947 5452 iaNvStor - ok
18:03:20.0041 5452 iaStor (abfebc5f846c71afebd7f8f6ba740c03) C:\Windows\system32\DRIVERS\iaStor.sys
18:03:20.0072 5452 iaStor - ok
18:03:20.0165 5452 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:03:20.0212 5452 iaStorV - ok
18:03:20.0259 5452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:03:20.0275 5452 iirsp - ok
18:03:20.0665 5452 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
18:03:20.0852 5452 IntcAzAudAddService - ok
18:03:21.0055 5452 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:03:21.0086 5452 intelide - ok
18:03:21.0133 5452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:03:21.0226 5452 intelppm - ok
18:03:21.0257 5452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:03:21.0320 5452 IpFilterDriver - ok
18:03:21.0335 5452 IpInIp - ok
18:03:21.0413 5452 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:03:21.0476 5452 IPMIDRV - ok
18:03:21.0523 5452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:03:21.0601 5452 IPNAT - ok
18:03:21.0632 5452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:03:21.0679 5452 IRENUM - ok
18:03:21.0710 5452 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:03:21.0725 5452 isapnp - ok
18:03:21.0788 5452 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
18:03:21.0803 5452 iScsiPrt - ok
18:03:21.0881 5452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:03:21.0897 5452 iteatapi - ok
18:03:21.0959 5452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:03:21.0975 5452 iteraid - ok
18:03:22.0053 5452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:03:22.0069 5452 kbdclass - ok
18:03:22.0178 5452 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:03:22.0240 5452 kbdhid - ok
18:03:22.0349 5452 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
18:03:22.0427 5452 KMDFMEMIO - ok
18:03:22.0521 5452 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
18:03:22.0552 5452 KSecDD - ok
18:03:22.0646 5452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:03:22.0693 5452 lltdio - ok
18:03:22.0755 5452 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:03:22.0771 5452 LSI_FC - ok
18:03:22.0849 5452 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:03:22.0864 5452 LSI_SAS - ok
18:03:22.0927 5452 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:03:22.0942 5452 LSI_SCSI - ok
18:03:22.0989 5452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:03:23.0051 5452 luafv - ok
18:03:23.0145 5452 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
18:03:23.0270 5452 massfilter - ok
18:03:23.0363 5452 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
18:03:23.0379 5452 MBAMProtector - ok
18:03:23.0395 5452 MBAMSwissArmy - ok
18:03:23.0457 5452 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:03:23.0488 5452 megasas - ok
18:03:23.0551 5452 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:03:23.0597 5452 MegaSR - ok
18:03:23.0629 5452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:03:23.0675 5452 Modem - ok
18:03:23.0722 5452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:03:23.0769 5452 monitor - ok
18:03:23.0785 5452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:03:23.0800 5452 mouclass - ok
18:03:23.0863 5452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:03:23.0894 5452 mouhid - ok
18:03:23.0941 5452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:03:23.0956 5452 MountMgr - ok
18:03:24.0019 5452 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:03:24.0034 5452 mpio - ok
18:03:24.0081 5452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:03:24.0112 5452 mpsdrv - ok
18:03:24.0159 5452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:03:24.0190 5452 Mraid35x - ok
18:03:24.0221 5452 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
18:03:24.0268 5452 MRxDAV - ok
18:03:24.0315 5452 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:03:24.0362 5452 mrxsmb - ok
18:03:24.0409 5452 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:03:24.0440 5452 mrxsmb10 - ok
18:03:24.0487 5452 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:03:24.0533 5452 mrxsmb20 - ok
18:03:24.0627 5452 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:03:24.0643 5452 msahci - ok
18:03:24.0674 5452 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:03:24.0689 5452 msdsm - ok
18:03:24.0767 5452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:03:24.0830 5452 Msfs - ok
18:03:24.0861 5452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:03:24.0877 5452 msisadrv - ok
18:03:24.0970 5452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:03:25.0001 5452 MSKSSRV - ok
18:03:25.0095 5452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:03:25.0142 5452 MSPCLOCK - ok
18:03:25.0251 5452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:03:25.0313 5452 MSPQM - ok
18:03:25.0438 5452 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
18:03:25.0454 5452 MsRPC - ok
18:03:25.0516 5452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:03:25.0532 5452 mssmbios - ok
18:03:25.0672 5452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:03:25.0719 5452 MSTEE - ok
18:03:25.0906 5452 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
18:03:25.0922 5452 Mup - ok
18:03:26.0062 5452 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
18:03:26.0140 5452 NativeWifiP - ok
18:03:26.0203 5452 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
18:03:26.0281 5452 NDIS - ok
18:03:26.0468 5452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:03:26.0530 5452 NdisTapi - ok
18:03:26.0593 5452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:03:26.0671 5452 Ndisuio - ok
18:03:26.0733 5452 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
18:03:26.0795 5452 NdisWan - ok
18:03:26.0811 5452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:03:26.0889 5452 NDProxy - ok
18:03:26.0983 5452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:03:27.0045 5452 NetBIOS - ok
18:03:27.0217 5452 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
18:03:27.0295 5452 netbt - ok
18:03:27.0575 5452 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:03:27.0716 5452 NETw3v32 - ok
18:03:27.0778 5452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:03:27.0794 5452 nfrd960 - ok
18:03:27.0841 5452 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
18:03:27.0903 5452 Npfs - ok
18:03:27.0934 5452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:03:27.0997 5452 nsiproxy - ok
18:03:28.0059 5452 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
18:03:28.0184 5452 Ntfs - ok
18:03:28.0277 5452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:03:28.0324 5452 ntrigdigi - ok
18:03:28.0402 5452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:03:28.0496 5452 Null - ok
18:03:28.0574 5452 NVHDA (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
18:03:28.0574 5452 NVHDA - ok
18:03:29.0089 5452 nvlddmkm (c526b4a24ef951ef219c3bfa1534b152) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:03:30.0149 5452 nvlddmkm - ok
18:03:30.0571 5452 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:03:30.0586 5452 nvraid - ok
18:03:30.0664 5452 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:03:30.0680 5452 nvstor - ok
18:03:30.0758 5452 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:03:30.0773 5452 nv_agp - ok
18:03:30.0789 5452 NwlnkFlt - ok
18:03:30.0805 5452 NwlnkFwd - ok
18:03:30.0898 5452 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:03:31.0007 5452 ohci1394 - ok
18:03:31.0085 5452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:03:31.0179 5452 Parport - ok
18:03:31.0226 5452 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
18:03:31.0241 5452 partmgr - ok
18:03:31.0366 5452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:03:31.0475 5452 Parvdm - ok
18:03:31.0569 5452 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
18:03:31.0585 5452 pci - ok
18:03:31.0725 5452 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:03:31.0741 5452 pciide - ok
18:03:31.0819 5452 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:03:31.0834 5452 pcmcia - ok
18:03:32.0006 5452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:03:32.0162 5452 PEAUTH - ok
18:03:32.0349 5452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:03:32.0396 5452 PptpMiniport - ok
18:03:32.0505 5452 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:03:32.0599 5452 Processor - ok
18:03:32.0661 5452 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
18:03:32.0755 5452 PSched - ok
18:03:32.0895 5452 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:03:33.0020 5452 ql2300 - ok
18:03:33.0067 5452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:03:33.0082 5452 ql40xx - ok
18:03:33.0191 5452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:03:33.0223 5452 QWAVEdrv - ok
18:03:33.0316 5452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:03:33.0379 5452 RasAcd - ok
18:03:33.0425 5452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:03:33.0488 5452 Rasl2tp - ok
18:03:33.0519 5452 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
18:03:33.0581 5452 RasPppoe - ok
18:03:33.0831 5452 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
18:03:33.0909 5452 RasSstp - ok
18:03:33.0956 5452 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
18:03:34.0018 5452 rdbss - ok
18:03:34.0127 5452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:03:34.0174 5452 RDPCDD - ok
18:03:34.0252 5452 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:03:34.0315 5452 rdpdr - ok
18:03:34.0330 5452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:03:34.0393 5452 RDPENCDD - ok
18:03:34.0439 5452 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
18:03:34.0486 5452 RDPWD - ok
18:03:34.0580 5452 RFCOMM (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
18:03:34.0611 5452 RFCOMM - ok
18:03:34.0673 5452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:03:34.0814 5452 rspndr - ok
18:03:34.0876 5452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:03:34.0892 5452 sbp2port - ok
18:03:35.0017 5452 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:03:35.0079 5452 sdbus - ok
18:03:35.0126 5452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:03:35.0235 5452 secdrv - ok
18:03:35.0329 5452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:03:35.0485 5452 Serenum - ok
18:03:35.0594 5452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:03:35.0656 5452 Serial - ok
18:03:35.0719 5452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:03:35.0859 5452 sermouse - ok
18:03:36.0015 5452 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:03:36.0077 5452 sffdisk - ok
18:03:36.0124 5452 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:03:36.0171 5452 sffp_mmc - ok
18:03:36.0218 5452 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:03:36.0296 5452 sffp_sd - ok
18:03:36.0405 5452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:03:36.0483 5452 sfloppy - ok
18:03:36.0592 5452 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:03:36.0608 5452 sisagp - ok
18:03:36.0748 5452 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:03:36.0779 5452 SiSRaid2 - ok
18:03:36.0826 5452 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:03:36.0842 5452 SiSRaid4 - ok
18:03:36.0873 5452 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
18:03:36.0935 5452 Smb - ok
18:03:37.0060 5452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:03:37.0060 5452 spldr - ok
18:03:37.0154 5452 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
18:03:37.0263 5452 srv - ok
18:03:37.0466 5452 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
18:03:37.0513 5452 srv2 - ok
18:03:37.0731 5452 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
18:03:37.0793 5452 srvnet - ok
18:03:37.0934 5452 StkCMini (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
18:03:38.0137 5452 StkCMini - ok
18:03:38.0183 5452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:03:38.0199 5452 swenum - ok
18:03:38.0261 5452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:03:38.0277 5452 Symc8xx - ok
18:03:38.0339 5452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:03:38.0355 5452 Sym_hi - ok
18:03:38.0386 5452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:03:38.0402 5452 Sym_u3 - ok
18:03:38.0480 5452 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
18:03:38.0495 5452 SynTP - ok
18:03:38.0667 5452 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
18:03:38.0714 5452 Tcpip - ok
18:03:38.0761 5452 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
18:03:38.0885 5452 Tcpip6 - ok
18:03:39.0010 5452 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
18:03:39.0088 5452 tcpipreg - ok
18:03:39.0166 5452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:03:39.0213 5452 TDPIPE - ok
18:03:39.0260 5452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:03:39.0307 5452 TDTCP - ok
18:03:39.0369 5452 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
18:03:39.0416 5452 tdx - ok
18:03:39.0494 5452 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
18:03:39.0525 5452 TermDD - ok
18:03:39.0587 5452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:03:39.0619 5452 tssecsrv - ok
18:03:39.0712 5452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:03:39.0790 5452 tunmp - ok
18:03:39.0868 5452 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
18:03:39.0946 5452 tunnel - ok
18:03:40.0024 5452 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:03:40.0040 5452 uagp35 - ok
18:03:40.0258 5452 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
18:03:40.0305 5452 udfs - ok
18:03:40.0461 5452 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:03:40.0477 5452 uliagpkx - ok
18:03:40.0601 5452 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:03:40.0633 5452 uliahci - ok
18:03:40.0742 5452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:03:40.0757 5452 UlSata - ok
18:03:40.0851 5452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:03:40.0867 5452 ulsata2 - ok
18:03:40.0929 5452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:03:41.0023 5452 umbus - ok
18:03:41.0210 5452 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
18:03:41.0288 5452 usbaudio - ok
18:03:41.0444 5452 usbccgp (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
18:03:41.0537 5452 usbccgp - ok
18:03:41.0600 5452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:03:41.0693 5452 usbcir - ok
18:03:41.0818 5452 usbehci (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
18:03:41.0865 5452 usbehci - ok
18:03:41.0896 5452 usbhub (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
18:03:41.0943 5452 usbhub - ok
18:03:42.0037 5452 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:03:42.0146 5452 usbohci - ok
18:03:42.0271 5452 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
18:03:42.0380 5452 usbprint - ok
18:03:42.0442 5452 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:03:42.0536 5452 USBSTOR - ok
18:03:42.0629 5452 usbuhci (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
18:03:42.0676 5452 usbuhci - ok
18:03:42.0754 5452 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:03:42.0801 5452 usbvideo - ok
18:03:42.0879 5452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:03:42.0926 5452 vga - ok
18:03:42.0941 5452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:03:42.0988 5452 VgaSave - ok
18:03:43.0051 5452 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:03:43.0066 5452 viaagp - ok
18:03:43.0144 5452 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:03:43.0191 5452 ViaC7 - ok
18:03:43.0269 5452 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:03:43.0285 5452 viaide - ok
18:03:43.0347 5452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:03:43.0363 5452 volmgr - ok
18:03:43.0425 5452 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
18:03:43.0456 5452 volmgrx - ok
18:03:43.0472 5452 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
18:03:43.0503 5452 volsnap - ok
18:03:43.0550 5452 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:03:43.0581 5452 vsmraid - ok
18:03:43.0643 5452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:03:43.0737 5452 WacomPen - ok
18:03:43.0768 5452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:43.0815 5452 Wanarp - ok
18:03:43.0862 5452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:43.0893 5452 Wanarpv6 - ok
18:03:43.0987 5452 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:03:44.0002 5452 Wd - ok
18:03:44.0111 5452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:03:44.0174 5452 Wdf01000 - ok
18:03:44.0501 5452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:03:44.0720 5452 WmiAcpi - ok
18:03:44.0860 5452 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:03:44.0907 5452 WpdUsb - ok
18:03:44.0985 5452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:03:45.0047 5452 ws2ifsl - ok
18:03:45.0266 5452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:03:45.0437 5452 WUDFRd - ok
18:03:45.0827 5452 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
18:03:45.0905 5452 yukonwlh - ok
18:03:46.0139 5452 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:03:46.0202 5452 ZTEusbmdm6k - ok
18:03:46.0233 5452 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:03:46.0342 5452 ZTEusbnmea - ok
18:03:46.0514 5452 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:03:46.0545 5452 ZTEusbser6k - ok
18:03:46.0623 5452 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
18:03:47.0637 5452 \Device\Harddisk0\DR0 - ok
18:03:47.0684 5452 Boot (0x1200) (95c7f1944de3a0071d250797181c4ba9) \Device\Harddisk0\DR0\Partition0
18:03:47.0684 5452 \Device\Harddisk0\DR0\Partition0 - ok
18:03:47.0731 5452 Boot (0x1200) (c94918c1e03beafba0ceb0795ba6ba52) \Device\Harddisk0\DR0\Partition1
18:03:47.0746 5452 \Device\Harddisk0\DR0\Partition1 - ok
18:03:47.0746 5452 ============================================================
18:03:47.0746 5452 Scan finished
18:03:47.0746 5452 ============================================================
18:03:47.0762 4680 Detected object count: 0
18:03:47.0762 4680 Actual detected object count: 0

cosinus · 10.10.2011, 17:41

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

FroBro · 10.10.2011, 19:12

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-10-10.02 - Hazel 10.10.2011  20:02:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1804 [GMT 2:00]
ausgeführt von:: c:\users\Hazel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
c:\users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-10 bis 2011-10-10  ))))))))))))))))))))))))))))))
.
.
2011-10-10 18:08 . 2011-10-10 18:08	--------	d-----w-	c:\users\Hazel\AppData\Local\temp
2011-10-10 18:08 . 2011-10-10 18:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-09 18:33 . 2011-10-09 18:33	--------	d-----w-	C:\_OTL
2011-10-08 08:31 . 2011-09-12 23:14	7269712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FFACEB0-2008-4168-A30A-7DB8EBFE9000}\mpengine.dll
2011-10-07 20:38 . 2011-10-07 20:38	--------	d-----w-	c:\program files\ESET
2011-10-07 18:12 . 2011-10-07 18:12	--------	d-----w-	c:\users\Hazel\AppData\Roaming\Malwarebytes
2011-10-07 18:12 . 2011-10-07 18:12	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-07 18:12 . 2011-10-07 18:12	--------	d-----w-	c:\program files\Pablo
2011-10-07 18:12 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-04 19:26 . 2011-10-04 19:26	--------	d-----w-	c:\windows\system32\EventProviders
2011-10-03 14:44 . 2011-10-03 14:44	--------	d-----w-	C:\$AVG
2011-10-03 14:40 . 2011-10-03 14:40	--------	d-----w-	c:\users\Hazel\AppData\Roaming\AVG2012
2011-10-03 14:38 . 2011-10-03 14:38	--------	d-----w-	c:\programdata\Common Files
2011-10-03 14:35 . 2011-10-07 11:50	--------	d-----w-	c:\windows\system32\drivers\AVG
2011-10-03 14:35 . 2011-10-03 14:49	--------	d-----w-	c:\programdata\AVG2012
2011-10-03 14:34 . 2011-10-03 14:34	--------	d-----w-	c:\program files\AVG
2011-10-03 14:24 . 2011-10-10 15:59	--------	d-----w-	c:\programdata\MFAData
2011-09-13 04:30 . 2011-09-13 04:30	32592	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2011-09-11 01:50 . 2011-10-04 19:20	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-11 01:50 . 2011-10-04 19:20	19416	----a-w-	c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-09-11 01:50 . 2011-10-04 19:20	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-11 01:50 . 2011-10-04 19:20	125912	----a-w-	c:\program files\Mozilla Firefox\crashreporter.exe
2011-09-11 01:50 . 2011-10-04 19:20	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-11 01:50 . 2011-10-04 19:20	924632	----a-w-	c:\program files\Mozilla Firefox\firefox.exe
2011-09-11 01:50 . 2011-10-04 19:20	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-09-11 01:50 . 2011-10-04 19:20	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-11 01:50 . 2011-10-04 19:20	269272	----a-w-	c:\program files\Mozilla Firefox\freebl3.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:08 . 2011-08-08 04:08	40016	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2011-07-20 09:01 . 2011-05-14 11:48	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 19:20 . 2011-09-11 01:50	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-05 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UIExec"="c:\stick1&1\Join Air\UIExec.exe" [2009-08-31 132608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"Malwarebytes' Anti-Malware"="c:\program files\Pablo\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Pablo\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 UI Assistant Service;UI Assistant Service;c:\stick1&1\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-07 14976]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-10 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-11-07 13312]
S2 MBAMService;MBAMService;c:\program files\Pablo\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-01-16 31248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-03-28 1363088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 55821409
*Deregistered* - 55821409
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Hazel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 62.109.123.197 213.191.74.19
FF - ProfilePath - c:\users\Hazel\AppData\Roaming\Mozilla\Firefox\Profiles\7ctdpof1.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.wer-kennt-wen.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-10 20:08
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-10-10  20:11:34
ComboFix-quarantined-files.txt  2011-10-10 18:11
.
Vor Suchlauf: 12 Verzeichnis(se), 73.824.153.600 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 73.758.777.344 Bytes frei
.
- - End Of File - - 5F5FEB9771E02AB023A50AC63E93DC4F

--- --- ---

cosinus · 11.10.2011, 09:40

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

08.10.2011, 16:40	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner)

Plagegeister aller Art und deren Bekämpfung: Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner)