Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.02.2012, 23:59   #1
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hallo zusammen,

ich bin am verzweifeln! Ich habe mir gestern im Netz wohl einen schlimmen Virus eingefangen und kann per google und Selbstdiagnose jetzt nix mehr ausrichten. Daher wende ich mich vertrauensvoll an dieses Board - ich habe dringend professionelle Hilfe nötig.

Hier die Fakten zu meinem Problem:

Ich bin mit meinem PC (Win 7) über W-Lan im Netz. Während des surfens (nix wildes, einfach nur Mails checken) ist dann mein Antivirusprogramm Avast! ansgesprungen - mit irgendeiner Warnung. Noch bevor ich checken konnte was los war, hatte ich auch schon einen Bluescreen.

Seitdem bekomme ich bei jedem Neustart eine Fehlermeldung Code 10050 von Avast: Mailschutz kann nicht mehr aktiviert werden. Ich kann mich auch nicht mehr mit dem Internet verbinden, ausserdem hat es meinen Druckertreiber zerschossen.

Nach langer Recherche habe ich ermitteln können, dass ich es sich wohl um ein Problem mit Rootkit.Zeroaccess handelt, ein extrem schwer zu entfernendes Problem. Es sind wohl registry-einträge verändert/zerstört worden, die eine Internetverbindung unmöglich machen. Leider gibt es auch kein einfaches removal-tool oder dergleichen! Wahrscheinlich muss ich mit mir unbekannten Tools wie Combofix etc. arbeiten.

Deswegen bin ich händeringend auf der Suche nach einem Experten zwecks step-by-step Problemdiagnose. Ich poste auch gerne Logs - sofern man sie mir denn nennt und sie sachdienliche Hinweise liefern können!

Bitte, bitte helft mir. Ein dickes Dankeschön im Voraus!

Alt 07.02.2012, 10:17   #2
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



hi,
du wirst mit nem usb stick arbeiten müssen, um uns die logs zu kopieren.
sicherheitsmaßname auf beiden geräten:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
deaktiviere autorun.
wenn das erledigt ist, auf dem sauberen pc die programme laden, und auf den infizierten pc damit log erstellen, auf usb stick, und posten.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 07.02.2012, 14:08   #3
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



DANKE MARKUSG!

für die schnelle Antwort. Ich habe Deine Anweisungen befolgt und poste im Folgenden die OTL-Logs als Text. Alternativ habe ich auch die TXT-Dateien angehängt.

--------------------------------------------------------------------------

[COLOR="Red"]OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.02.2012 14:22:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bumblebee\Desktop\QUALBI
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001407 | Country: Liechtenstein | Language: DEC | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 63.97% Memory free
6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910.41 Gb Total Space | 127.32 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 4.90 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive F: | 1.82 Gb Total Space | 1.26 Gb Free Space | 69.25% Space Free | Partition Type: FAT32
Drive G: | 3725.82 Gb Total Space | 379.85 Gb Free Space | 10.20% Space Free | Partition Type: NTFS
 
Computer Name: BUMBLEBEE-PC | User Name: Bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.07 13:48:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bumblebee\Desktop\QUALBI\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011.11.29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.29 20:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010.01.07 09:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009.11.09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009.08.22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009.07.27 12:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2002.07.29 21:18:36 | 000,024,576 | ---- | M] () -- C:\Windows\System32\delttray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.21 18:37:51 | 000,115,137 | ---- | M] () -- C:\Users\Bumblebee\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2011.11.29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.11.23 19:08:25 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
MOD - [2011.11.23 19:06:56 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.11.23 19:06:48 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.11.23 16:25:01 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011.11.23 16:24:51 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011.11.23 16:24:48 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.11.23 16:24:41 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.11.23 16:24:40 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.11.23 16:24:38 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.11.23 16:24:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.11.23 16:24:37 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011.11.23 16:24:33 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.11.23 16:24:27 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.09.22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009.08.22 11:32:50 | 000,724,992 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2009.08.22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2009.07.27 12:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe
MOD - [2008.11.07 21:00:46 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2008.11.07 20:59:08 | 000,131,072 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
MOD - [2003.05.15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002.07.29 21:18:36 | 000,024,576 | ---- | M] () -- C:\Windows\System32\delttray.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.05 14:40:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.07 09:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009.11.09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 00:37:14 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.19 15:01:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (MySlarez) [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2011.03.11 07:06:44 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011.02.23 07:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.01.17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010.12.18 22:01:54 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.09.07 21:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.05.17 23:25:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.04 09:52:16 | 000,231,016 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010.01.22 10:20:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010.01.13 10:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2010.01.13 07:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010.01.12 08:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010.01.07 10:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009.12.23 10:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.10.29 16:23:42 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.10.29 16:23:40 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.10.05 14:10:42 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2009.08.11 06:46:30 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 14:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.07.27 12:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.04.29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2003.07.29 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2002.07.29 21:18:36 | 000,320,896 | ---- | M] (Midiman/M Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.03 13:14:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.30 11:39:28 | 000,000,000 | ---D | M]
 
[2010.02.18 02:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Extensions
[2012.02.01 13:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions
[2011.11.22 21:02:34 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2011.12.29 00:29:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.26 12:49:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\firefox@ghostery.com
[2010.10.19 19:41:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\firefox@tvunetworks.com
[2010.11.02 20:42:15 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\vshare@toolbar
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\uoxvda4w.default\searchplugins\startsear.xml
[2010.11.06 16:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BUMBLEBEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UOXVDA4W.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.02.03 13:14:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.11.18 00:20:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.18 00:20:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.18 00:20:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.18 00:20:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.18 00:20:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.18 00:20:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.05 13:49:53 | 000,432,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:               127.0.0.1       virustotal.com
O1 - Hosts:               127.0.0.1       www.virustotal.com
O1 - Hosts:               127.0.0.1       virustotal
O1 - Hosts:               127.0.0.1       virscan.com
O1 - Hosts:               127.0.0.1       www.virscan.com
O1 - Hosts:               127.0.0.1       virscan
O1 - Hosts:               127.0.0.1       hxxp://virscan.com
O1 - Hosts:               127.0.0.1       virustotal
O1 - Hosts:               127.0.0.1       virscan
O1 - Hosts:               127.0.0.1       hxxp://virusscan.jotti.org/
O1 - Hosts:               127.0.0.1       virusscan.jotti.org/
O1 - Hosts:               127.0.0.1       www.virusscan.jotti.org/
O1 - Hosts:               127.0.0.1       scanner.novirusthanks.org/
O1 - Hosts:               127.0.0.1       hxxp://scanner.novirusthanks.org/
O1 - Hosts:               127.0.0.1       www.scanner.novirusthanks.org/
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 14911 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DeltTray] C:\Windows\System32\delttray.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\Windows\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4430d990-e80b-11df-8a53-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{4430d990-e80b-11df-8a53-4061864d35d2}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad697231-828e-11df-93ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad697231-828e-11df-93ad-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8CB346C3-19C1-4342-8A47-F5F00C2DA62E} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DeltTray - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Getting started with MacDrive 8 - hkey= - key= - C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
MsConfig - StartUpReg: MacDrive 8 application - hkey= - key= - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.07 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\QUALBI
[2012.02.07 00:37:13 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.02.06 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\AppData\Roaming\Malwarebytes
[2012.02.06 15:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 15:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 15:16:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 15:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.26 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\ELKE
[2012.01.26 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\HOTDOCS
[2012.01.26 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\Wanlov The Kubolor - African Gypsy
[2012.01.24 15:43:32 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012.01.24 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2012.01.21 19:57:44 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\HUGOBOSS
[2012.01.20 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Documents\CardRecovery
[2012.01.20 21:16:08 | 000,000,000 | ---D | C] -- C:\Avid MediaFiles
[2012.01.20 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZAR
[2012.01.20 20:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2012.01.20 19:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012.01.20 19:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Partition Recovery
[2012.01.20 19:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\RescuePRO Deluxe
[2012.01.17 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\SanFranciscoFestival
[2012.01.16 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\KOCHSHOW
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Bumblebee\AppData\Roaming\*.tmp files -> C:\Users\Bumblebee\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.07 14:15:00 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.07 14:15:00 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.07 14:15:00 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 14:15:00 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.07 14:03:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 14:03:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 13:56:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 13:56:14 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.07 02:52:28 | 002,168,507 | ---- | M] () -- C:\Users\Bumblebee\Desktop\SEITE_4.jpg
[2012.02.07 00:37:14 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.02.06 15:16:33 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 13:49:09 | 402,526,681 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.05 18:43:47 | 000,049,081 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Steuer.pdf
[2012.02.03 15:14:00 | 000,921,472 | ---- | M] () -- C:\Users\Bumblebee\Desktop\SONOR press sheet.pdf
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012.01.30 14:30:41 | 000,281,415 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Tribecca.pdf
[2012.01.30 09:05:58 | 033,970,736 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Poppin Biaaatch.wav
[2012.01.24 16:04:31 | 015,971,416 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Rapper Dapper Snapper.mp3
[2012.01.23 16:13:04 | 006,258,686 | ---- | M] () -- C:\Users\Bumblebee\Desktop\BassSkizze.wav
[2012.01.22 17:45:29 | 008,318,640 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Poppin REDUCED.mp3
[2012.01.22 15:40:28 | 004,446,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.20 23:08:14 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.01.20 19:06:05 | 000,000,093 | ---- | M] () -- C:\Users\Bumblebee\rpdeluxe.properties
[2012.01.17 11:35:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.01.11 23:33:04 | 000,000,816 | ---- | M] () -- C:\Users\Bumblebee\Adobe Encore_AME.pref
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Bumblebee\AppData\Roaming\*.tmp files -> C:\Users\Bumblebee\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 14:14:08 | 002,168,507 | ---- | C] () -- C:\Users\Bumblebee\Desktop\SEITE_4.jpg
[2012.02.06 15:16:33 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 18:43:47 | 000,049,081 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Steuer.pdf
[2012.02.03 15:14:00 | 000,921,472 | ---- | C] () -- C:\Users\Bumblebee\Desktop\SONOR press sheet.pdf
[2012.01.30 16:18:24 | 033,970,736 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Poppin Biaaatch.wav
[2012.01.30 14:30:41 | 000,281,415 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Tribecca.pdf
[2012.01.23 16:31:23 | 006,258,686 | ---- | C] () -- C:\Users\Bumblebee\Desktop\BassSkizze.wav
[2012.01.22 17:45:15 | 008,318,640 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Poppin REDUCED.mp3
[2012.01.20 19:04:37 | 000,000,093 | ---- | C] () -- C:\Users\Bumblebee\rpdeluxe.properties
[2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.11.26 15:41:50 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.11.26 15:41:50 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.11.23 18:34:55 | 005,206,016 | ---- | C] () -- C:\Windows\System32\mkl_genarts.dll
[2011.11.18 14:28:35 | 000,000,623 | ---- | C] () -- C:\Windows\System32\W_DEBUG.DAT
[2011.11.18 14:03:04 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2011.11.17 16:30:50 | 000,174,648 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.10.12 12:14:53 | 004,446,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.12 11:06:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.01 01:44:55 | 000,016,384 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\uoxvda4w.default.dat
[2011.06.06 11:16:36 | 000,000,132 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.28 17:49:40 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.04.26 15:26:01 | 000,007,602 | ---- | C] () -- C:\Users\Bumblebee\AppData\Local\Resmon.ResmonCfg
[2011.04.26 01:28:33 | 000,001,716 | -HS- | C] () -- C:\Windows\E88D4.exe
[2011.04.24 19:45:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.21 18:01:15 | 000,000,210 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.16 19:58:11 | 000,004,388 | ---- | C] () -- C:\Windows\cool.ini
[2011.02.16 19:56:41 | 000,082,398 | ---- | C] () -- C:\Windows\c96unins.exe
[2010.12.08 04:22:56 | 000,000,140 | ---- | C] () -- C:\Windows\MrSetup.ini
[2010.11.21 01:47:41 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.11.13 20:47:00 | 000,000,562 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.10.15 07:15:30 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.10.15 07:13:39 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2010.10.15 07:13:39 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.10.15 02:41:39 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010.10.15 02:41:39 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.10.05 11:51:48 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.16 22:55:52 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.10 11:23:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.10 00:50:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.03.08 21:54:20 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2010.03.08 18:50:03 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2010.02.24 19:07:17 | 000,024,576 | ---- | C] () -- C:\Windows\System32\delttray.exe
[2010.02.24 17:21:25 | 001,900,132 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010.02.24 17:21:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\DigiPlatformSupport.dll
[2010.02.23 00:34:19 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2010.02.20 21:13:42 | 000,014,336 | ---- | C] () -- C:\Users\Bumblebee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.20 18:21:49 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2010.02.18 19:09:34 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 04:25:01 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.18 04:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.18 04:25:00 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.18 04:25:00 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.18 04:24:59 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.18 03:29:55 | 000,000,000 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\wklnhst.dat
[2009.10.26 11:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\System32\PtSSE2.dll
[2009.10.26 11:30:46 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2009.10.26 10:47:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\ntrights.exe
[2009.10.15 14:09:13 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.10.15 14:09:12 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2009.10.15 14:07:08 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2009.10.15 14:05:40 | 000,000,042 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.10.07 12:59:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.05 16:02:37 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.10.05 16:02:37 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.10.05 14:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.27 12:44:58 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
[2009.07.14 09:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2003.07.29 10:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000050.DLL
 
========== LOP Check ==========
 
[2011.12.19 15:50:08 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ameCache
[2010.03.08 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Audio Ease
[2010.03.08 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Avid
[2011.11.28 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\DAEMON Tools Lite
[2012.02.06 01:08:18 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Dropbox
[2011.12.01 14:19:56 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\FileZilla
[2011.04.12 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\GetRightToGo
[2011.09.17 22:39:26 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Kalypso Media
[2011.07.01 00:08:13 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\kock
[2010.11.08 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Leadertech
[2010.12.18 23:21:40 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\MPEG Streamclip
[2010.03.08 16:11:25 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\PACE Anti-Piracy
[2010.08.04 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\PCToolsFirewallPlus
[2010.12.18 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Pegasys Inc
[2011.09.17 16:54:03 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ProtectDISC
[2010.08.04 14:15:05 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Registry Mechanic
[2011.06.05 03:33:24 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.12.21 18:37:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Samsung
[2011.08.17 16:46:57 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\SorensonMedia
[2010.03.08 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Steinberg
[2010.03.29 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\TeamViewer
[2011.12.21 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Temp
[2010.02.18 03:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Template
[2011.09.30 11:39:57 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Thunderbird
[2011.07.08 20:27:01 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\UAs
[2011.11.22 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\VshareComplete
[2010.05.18 00:42:15 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\VST3 Presets
[2010.08.23 11:22:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\X10Receiver.NET
[2011.07.13 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\xmldm
[2011.11.29 01:43:58 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.07 13:56:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.02.18 01:44:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.01.20 21:16:08 | 000,000,000 | ---D | M] -- C:\Avid MediaFiles
[2011.08.05 17:54:12 | 000,000,000 | ---D | M] -- C:\Avid MediaFiles_AVENTERRA
[2011.06.05 19:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010.02.18 01:44:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.20 12:01:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.02.06 15:16:31 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.02.06 15:16:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.18 01:44:33 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.18 01:44:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.07 14:24:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.26 23:37:51 | 000,000,000 | ---D | M] -- C:\temp
[2010.02.18 01:44:39 | 000,000,000 | R--D | M] -- C:\Users
[2011.02.10 05:09:07 | 000,000,000 | ---D | M] -- C:\W
[2012.02.07 13:57:32 | 000,000,000 | ---D | M] -- C:\Windows
[2011.07.01 01:44:54 | 000,000,000 | ---D | M] -- C:\xmldm
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\Bumblebee\INSTALL\driver\Mainboard\nForce_5.10_WinXP2K_WHQL_international\IDE\Win2K\NvAtaBus.sys
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\Bumblebee\INSTALL\driver\Mainboard\nForce_5.10_WinXP2K_WHQL_international\IDE\WinXP\NvAtaBus.sys
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.17 23:25:03 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.01.11 23:33:04 | 000,000,816 | ---- | M] () -- C:\Users\Bumblebee\Adobe Encore_AME.pref
[2012.02.07 14:24:30 | 008,126,464 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT
[2012.02.07 14:24:29 | 000,262,144 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.dat.LOG1
[2010.02.18 01:44:40 | 000,000,000 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.dat.LOG2
[2010.02.18 05:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.02.18 05:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.02.18 05:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.02.18 01:44:40 | 000,000,020 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.ini
[2012.01.20 19:06:05 | 000,000,093 | ---- | M] () -- C:\Users\Bumblebee\rpdeluxe.properties
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB45060$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 982 bytes -> C:\ProgramData\Microsoft:5pcTG5RJILVCyIN8fgMvJ6
@Alternate Data Stream - 928 bytes -> C:\ProgramData\Microsoft:UNW1ojoe5fAHcNhMSGY
@Alternate Data Stream - 16 bytes -> C:\ProgramData\Tiffen:0C789544-1548-4951-80B9-E0C29DB5ECBD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 1113 bytes -> C:\ProgramData\Microsoft:ZTpUZo03XpU5WqpWh6o2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---


--------------------------------------------------------------------------


[COLOR="SeaGreen"]OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.02.2012 14:22:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bumblebee\Desktop\QUALBI
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001407 | Country: Liechtenstein | Language: DEC | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 63.97% Memory free
6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910.41 Gb Total Space | 127.32 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 4.90 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive F: | 1.82 Gb Total Space | 1.26 Gb Free Space | 69.25% Space Free | Partition Type: FAT32
Drive G: | 3725.82 Gb Total Space | 379.85 Gb Free Space | 10.20% Space Free | Partition Type: NTFS
 
Computer Name: BUMBLEBEE-PC | User Name: Bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E6B352F-F91D-43E6-8BB6-B772C32E83A9}" = Avid Media Composer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4b7ec652-b6b2-4868-97ef-af5f9c59ba0d}" = Nero 9 Trial
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.0
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7066F2DB-5032-4B6F-A8E7-A6F946043438}" = Adobe Setup
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F0E4311-D46D-456E-97CC-44F7E331DE66}" = Sorenson Squeeze 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D05F67B-EDFD-449A-9220-78A98CCECFC4}" = Dfx for Avid
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B705AA09-2E48-4095-904C-F6CE8B97DEF6}" = Active@ Partition Recovery
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAECE08E-4DEE-4164-A92A-3521C84C3B5A}" = MacDrive 8
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_85df662426fa6bb25f7d596f4d1b2a2" = Adobe Encore CS3
"Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"AudioEase Speakersphone VST RTAS_is1" = AudioEase Speakersphone VST RTAS v1.03
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"avast" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dfx for Avid" = Dfx for Avid
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"emagic EXSP24 VST-PlugIn" = emagic EXSP24 VST-PlugIn
"FileZilla Client" = FileZilla Client 3.5.2
"Foxit PDF Editor" = Foxit PDF Editor
"GenArts Sapphire Plug-ins for Avid AVX_v3_is1" = GenArts Sapphire Plug-ins 3.04 for Avid AVX Products
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird (7.0)" = Mozilla Thunderbird (7.0)
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments ElektrikPiano" = Native Instruments ElektrikPiano (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oddity VST2" = GMediaMusic - Oddity VST2
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rainlendar2" = Rainlendar2 (remove only)
"RapidShare Manager" = RapidShare Manager
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steinberg Cubase_is1" = Steinberg Cubase v4.1.3
"Steinberg Magneto VST v1.5" = Steinberg Magneto VST v1.5
"Trilogy_is1" = Trilogy
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"vShare.tv plugin" = vShare.tv plugin 1.3
"WaveLabPro" = WaveLab 6
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f58f3889281ea80b" = ContainerEx Decrypter
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2011 21:02:59 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 14.06.2011 19:24:21 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid
 Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe".  Die abhängige
 Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.06.2011 21:01:57 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid
 Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe".  Die abhängige
 Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.06.2011 21:03:57 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 15.06.2011 19:16:14 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid
 Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe".  Die abhängige
 Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.06.2011 19:18:47 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ Media Center Events ]
Error - 03.02.2012 09:03:55 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.02.2012 09:03:55 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.02.2012 09:03:56 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.02.2012 09:03:56 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:56 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.02.2012 09:04:02 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:56 - EpgListings konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ System Events ]
Error - 07.02.2012 08:56:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server-SMB-Treiber 1.xxx" ist vom Dienst "Server-SMB-Treiber
 2.xxx" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.02.2012 08:56:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Server-SMB-Treiber 1.xxx" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%22
 
Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SSDP-Suche" ist vom Dienst "HTTP" abhängig, der aufgrund
 folgenden Fehlers nicht gestartet wurde:   %%22
 
Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "HTTP" abhängig, der aufgrund
 folgenden Fehlers nicht gestartet wurde:   %%22
 
Error - 07.02.2012 08:58:53 | Computer Name = Bumblebee-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952450.
 
Error - 07.02.2012 08:58:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
 folgendem dienstspezifischem Fehler beendet: %%-2147014846.
 
Error - 07.02.2012 08:58:55 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147014846
 
Error - 07.02.2012 09:11:07 | Computer Name = Bumblebee-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---
__________________
Angehängte Dateien
Dateityp: txt Extras.Txt (53,9 KB, 194x aufgerufen)
Dateityp: txt OTL.Txt (70,0 KB, 188x aufgerufen)

Alt 07.02.2012, 14:47   #4
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



hi
öffne malwarebytes, logdateien, poste alle berichte.

also auf nen stick kopieren und posten :-)

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
 :Files
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2012, 16:25   #5
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hi MarkusG!

danke für deine Mühen. Hier die Logs von Malwarebytes:

------------------------------------------------------------------------

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Bumblebee :: BUMBLEBEE-PC [Administrator]

Schutz: Aktiviert

06.02.2012 15:17:07
mbam-log-2012-02-06 (15-17-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175672
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=d2fb3f10-1544-11e1-84f2-882bc869d270) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=d2fb3f10-1544-11e1-84f2-882bc869d270) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\lodupgd.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat110018.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat111644.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat111653.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Local\Temp\yr0.2520532922115817.exe (Exploit.Drop.7) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Local\Temp\yr0.8883272475961309.exe (Exploit.Drop.7) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

--------------------------------------------------------------------------

2012/02/06 15:17:02 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:17:03 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Executing scheduled update: Daily
2012/02/06 15:17:03 +0100 BUMBLEBEE-PC Bumblebee ERROR Scheduled update failed: No address found failed with error code 11004
2012/02/06 15:17:04 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:17:07 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:17:07 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 15:25:25 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:25:28 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:25:31 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:25:31 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 15:44:59 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:45:01 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:45:04 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:45:04 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 20:21:51 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 20:21:51 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 20:29:41 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 20:29:41 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753


------------------------------------------------------------------------


2012/02/07 00:25:38 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Executing scheduled update: Daily
2012/02/07 00:25:38 +0100 BUMBLEBEE-PC Bumblebee ERROR Scheduled update failed: No address found failed with error code 11004
2012/02/07 13:58:53 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/07 13:58:55 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/07 13:58:58 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/07 13:58:58 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753


-------------------------------------------------------------------------


Hier findest du den Log von OTL:


All processes killed
========== OTL ==========
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bumblebee
->Flash cache emptied: 39265 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Bumblebee
->Temp folder emptied: 20837954 bytes
->Temporary Internet Files folder emptied: 24489827 bytes
->Java cache emptied: 30612 bytes
->FireFox cache emptied: 49870848 bytes
->Apple Safari cache emptied: 29285376 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34929 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 144 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151348602 bytes
RecycleBin emptied: 7737573 bytes

Total Files Cleaned = 270.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02072012_171402

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


-------------------------------------------------------------------------

Ich hoffe da ist noch was zu retten!!!???

Vielen lieben Dank!


Alt 07.02.2012, 16:31   #6
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



gucken wir mal weiter.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
--> Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?

Alt 07.02.2012, 17:08   #7
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hi MarkusG,

scheint alles soweit geklappt zu haben. Beim Ausführen von Combofix wurde mir allerdings mitgeteil, dass es sich um eine "abgelaufene" Version handelt - ich habe das Programm demnach nur in einem reduzierten Modus ausführen können. Hier das entsprechende Log:



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-02.02 - Bumblebee 07.02.2012  17:53:44.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.41.1031.18.3071.2005 [GMT 1:00]
ausgeführt von:: c:\users\Bumblebee\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BUMBLE~1\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\users\Bumblebee\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\muzapp.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-07 bis 2012-02-07  ))))))))))))))))))))))))))))))
.
.
2012-02-07 16:14 . 2012-02-07 16:14	--------	d-----w-	C:\_OTL
2012-02-06 23:37 . 2012-02-06 23:37	309320	----a-w-	c:\windows\system32\drivers\TrufosAlt.sys
2012-02-06 14:16 . 2012-02-06 14:16	--------	d-----w-	c:\users\Bumblebee\AppData\Roaming\Malwarebytes
2012-02-06 14:16 . 2012-02-06 14:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-06 14:16 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-26 11:53 . 2011-11-17 05:38	1037312	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-26 11:53 . 2011-11-17 05:48	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 11:53 . 2011-11-17 05:48	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-26 11:53 . 2011-11-17 05:42	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-26 11:53 . 2011-11-17 05:39	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-26 11:53 . 2011-11-17 05:39	314368	----a-w-	c:\windows\system32\webio.dll
2012-01-26 11:53 . 2011-11-17 05:39	99840	----a-w-	c:\windows\system32\sspicli.dll
2012-01-26 11:53 . 2011-11-17 05:39	15360	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-26 11:53 . 2011-11-17 05:39	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-26 11:53 . 2011-11-17 05:36	22528	----a-w-	c:\windows\system32\lsass.exe
2012-01-24 14:43 . 2012-01-24 14:43	--------	d-----w-	c:\program files\Xenocode
2012-01-20 20:16 . 2012-01-20 20:16	--------	d-----w-	C:\Avid MediaFiles
2012-01-20 20:08 . 2012-01-21 17:29	--------	d-----w-	c:\program files\ZAR
2012-01-20 19:45 . 2012-01-20 19:45	--------	d-----w-	c:\program files\Convar
2012-01-20 19:45 . 1998-06-17 23:00	89360	----a-w-	c:\windows\system32\VB5DB.DLL
2012-01-20 18:25 . 2012-01-20 18:25	--------	d-----w-	c:\program files\LSoft Technologies
2012-01-20 18:04 . 2012-01-21 17:30	--------	d-----w-	c:\program files\RescuePRO Deluxe
2012-01-11 11:17 . 2011-11-17 05:41	1288984	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 11:17 . 2011-11-19 14:06	67072	----a-w-	c:\windows\system32\packager.dll
2012-01-11 11:17 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 11:17 . 2011-10-26 04:28	514560	----a-w-	c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-05 16:03	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-06 13:32 . 2012-01-06 13:32	800824	----a-w-	c:\users\Default\AppData\Roaming\DPInst.exe
2012-01-06 13:32 . 2012-01-06 13:32	36352	----a-w-	c:\users\Default\AppData\Roaming\PnPutil.exe
2012-01-06 13:32 . 2012-01-06 13:32	106496	----a-w-	c:\users\Default\AppData\Roaming\gacutil.exe
2011-11-30 17:33 . 2011-11-30 17:33	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 15:39 . 2011-12-21 17:34	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-11-29 15:38 . 2011-11-29 15:38	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-11-29 15:38 . 2011-11-29 15:38	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-11-29 15:38 . 2011-11-29 15:38	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-11-29 15:38 . 2011-11-29 15:38	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2011-11-29 15:38 . 2011-11-29 15:38	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2011-11-29 15:38 . 2011-11-29 15:38	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2011-11-29 15:38 . 2011-11-29 15:38	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38	569344	----a-w-	c:\windows\system32\muzdecode.ax
2011-11-29 15:38 . 2011-11-29 15:38	491520	----a-w-	c:\windows\system32\muzapp.dll
2011-11-29 15:38 . 2011-11-29 15:38	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2011-11-29 15:38 . 2011-11-29 15:38	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2011-11-29 15:38 . 2011-11-29 15:38	40960	----a-w-	c:\windows\system32\MAMACExtract.dll
2011-11-29 15:38 . 2011-11-29 15:38	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2011-11-29 15:38 . 2011-11-29 15:38	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2011-11-29 15:38 . 2011-11-29 15:38	245760	----a-w-	c:\windows\system32\MSCLib.dll
2011-11-29 15:38 . 2011-11-29 15:38	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-11-29 15:38 . 2011-11-29 15:38	200704	----a-w-	c:\windows\system32\muzwmts.dll
2011-11-29 15:38 . 2011-11-29 15:38	155648	----a-w-	c:\windows\system32\MSFLib.dll
2011-11-29 15:38 . 2011-11-29 15:38	143360	----a-w-	c:\windows\system32\3DAudio.ax
2011-11-29 15:38 . 2011-11-29 15:38	135168	----a-w-	c:\windows\system32\muzaf1.dll
2011-11-29 15:38 . 2011-11-29 15:38	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2011-11-29 15:38 . 2011-11-29 15:38	122880	----a-w-	c:\windows\system32\muzeffect.ax
2011-11-29 15:38 . 2011-11-29 15:38	118784	----a-w-	c:\windows\system32\MaDRM.dll
2011-11-29 15:38 . 2011-11-29 15:38	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2011-11-29 15:38 . 2011-12-21 17:33	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-11-24 04:23 . 2011-12-14 19:38	2340352	----a-w-	c:\windows\system32\win32k.sys
2011-11-23 13:50 . 2011-11-23 13:50	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2012-02-03 12:14 . 2011-11-17 23:20	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2010-02-18 106544]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"DeltTray"="DeltTray.exe" [2002-07-29 24576]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave7"=Digi32.dll
"MIDI6"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
2002-07-29 20:18	24576	----a-w-	c:\windows\System32\delttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive 8]
2009-03-31 14:21	141312	----a-w-	c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 8 application]
2010-02-04 11:42	289368	----a-w-	c:\program files\Mediafour\MacDrive 8\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2012-02-06 309320]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-01-17 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-08-11 16400]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 192512]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-03-11 160576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 302472]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-19 218688]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-12 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-13 115216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4430d990-e80b-11df-8a53-4061864d35d2}]
\shell\AutoRun\command - F:\AUTOSTARTER.EXE
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}]
\shell\AutoRun\command - G:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}]
\shell\AutoRun\command - G:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad697231-828e-11df-93ad-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}]
\shell\AutoRun\command - F:\AUTOSTARTER.EXE
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}]
\shell\AutoRun\command - M:\LaunchU3.exe -a
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\Bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\uoxvda4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3882686505-2461736908-3790935052-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,de,e5,18,6e,88,2a,c3,78,ad,37,7f,95,af,cc,a3,05,81,d7,bd,2e,
   87,dd,7a,c7,97,0e,69,2a,19,7e,7f,83,57,51,1e,2a,8a,34,9f,4e,d0,c2,72,a5,4d,\
"rkeysecu"=hex:3f,9c,3c,21,51,97,f9,28,c8,cb,cc,9b,ea,38,4c,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1016)
c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-07  18:03:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-07 17:03
.
Vor Suchlauf: 11 Verzeichnis(se), 136'006'168'576 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 135'822'114'816 Bytes frei
.
- - End Of File - - 29493F7C553439D3DB6755230413E217
         
--- --- ---
Angehängte Dateien
Dateityp: txt ComboLog.txt (23,5 KB, 198x aufgerufen)

Alt 07.02.2012, 18:13   #8
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



ok, haben sich bereits besserungen ergeben?
kannst du über systemsteuerung, software, avast reparieren?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2012, 19:59   #9
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hallo nochmal!

also beim Neustart kommt immer noch die Fehlermeldung 10050 "avast! kann nicht mehr Ihre Mail/Nachrichten schützen".

Die Internetverbindung kann leider auch noch nicht wieder hergestellt werden.
Ich habe Avast in der Systemsteuerung reparieren lassen. Im Programm selber ist die Kategorie "Web-Schutz" immer noch nicht aktiv und auch nicht zu reaktivieren.

Alles beim alten bis jetzt...

Beste Grüße,
Benkah

Alt 07.02.2012, 20:09   #10
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



welche fehlermeldung gibts, wenn du dich mit dem internet verbinden willst?
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2012, 20:34   #11
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hello again,

beim Verbinden bekomme ich die Meldung "Die Konnektivität mit AliceWlan ist derzeit eingeschränkt". Mit meinem Laptop komme ich aber problemlos ins gleiche Netz. Zu einem anderen offenen Netzwerk kann ich ebenfalls keine Verbindung herstellen.

TDSSKiller hat einiges gefunden. Hier der Log:

21:24:14.0763 3440 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
21:24:14.0779 3440 ============================================================
21:24:14.0779 3440 Current date / time: 2012/02/07 21:24:14.0779
21:24:14.0779 3440 SystemInfo:
21:24:14.0779 3440
21:24:14.0779 3440 OS Version: 6.1.7600 ServicePack: 0.0
21:24:14.0779 3440 Product type: Workstation
21:24:14.0779 3440 ComputerName: BUMBLEBEE-PC
21:24:14.0779 3440 UserName: Bumblebee
21:24:14.0779 3440 Windows directory: C:\Windows
21:24:14.0779 3440 System windows directory: C:\Windows
21:24:14.0779 3440 Processor architecture: Intel x86
21:24:14.0779 3440 Number of processors: 4
21:24:14.0779 3440 Page size: 0x1000
21:24:14.0779 3440 Boot type: Normal boot
21:24:14.0779 3440 ============================================================
21:24:15.0699 3440 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:24:15.0699 3440 Drive \Device\Harddisk1\DR1 - Size: 0x3A38122C000 (3726.02 Gb), SectorSize: 0x200, Cylinders: 0x76C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:31.0424 3440 Drive \Device\Harddisk5\DR5 - Size: 0x74D00000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:31.0424 3440 \Device\Harddisk0\DR0:
21:24:31.0424 3440 MBR used
21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD2800
21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
21:24:31.0424 3440 \Device\Harddisk1\DR1:
21:24:31.0424 3440 GPT used
21:24:31.0424 3440 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {90F38106-322D-4CEF-8B24-E25EFE048494}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
21:24:31.0424 3440 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7CF25518-7A40-4D27-8C93-32A080559959}, Name: Basic data partition, StartLBA 0x64800, BlocksNum 0xD1BA4000
21:24:31.0424 3440 \Device\Harddisk5\DR5:
21:24:31.0424 3440 MBR used
21:24:31.0424 3440 \Device\Harddisk5\DR5\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3A67E0
21:24:31.0580 3440 Initialize success
21:24:31.0580 3440 ============================================================
21:24:54.0403 3208 ============================================================
21:24:54.0403 3208 Scan started
21:24:54.0403 3208 Mode: Manual; SigCheck; TDLFS;
21:24:54.0403 3208 ============================================================
21:24:54.0902 3208 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:24:54.0995 3208 1394ohci - ok
21:24:55.0042 3208 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
21:24:55.0089 3208 61883 - ok
21:24:55.0151 3208 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
21:24:55.0214 3208 acedrv11 - ok
21:24:55.0261 3208 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:24:55.0276 3208 ACPI - ok
21:24:55.0323 3208 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:24:55.0354 3208 AcpiPmi - ok
21:24:55.0417 3208 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:55.0432 3208 adp94xx - ok
21:24:55.0463 3208 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:24:55.0479 3208 adpahci - ok
21:24:55.0495 3208 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:24:55.0510 3208 adpu320 - ok
21:24:55.0588 3208 AFD (ffdf38e0df346dce8a39c84026d308ae) C:\Windows\system32\drivers\afd.sys
21:24:55.0588 3208 AFD ( Virus.Win32.ZAccess.l ) - infected
21:24:55.0588 3208 AFD - detected Virus.Win32.ZAccess.l (0)
21:24:55.0604 3208 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:24:55.0619 3208 agp440 - ok
21:24:55.0651 3208 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:24:55.0666 3208 aic78xx - ok
21:24:55.0713 3208 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:24:55.0729 3208 aliide - ok
21:24:55.0744 3208 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:24:55.0744 3208 amdagp - ok
21:24:55.0760 3208 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:24:55.0775 3208 amdide - ok
21:24:55.0791 3208 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:24:55.0822 3208 AmdK8 - ok
21:24:55.0822 3208 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:24:55.0853 3208 AmdPPM - ok
21:24:55.0900 3208 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
21:24:55.0900 3208 amdsata - ok
21:24:55.0916 3208 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:55.0931 3208 amdsbs - ok
21:24:55.0963 3208 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
21:24:55.0978 3208 amdxata - ok
21:24:55.0978 3208 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:24:56.0009 3208 AppID - ok
21:24:56.0056 3208 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:24:56.0072 3208 arc - ok
21:24:56.0072 3208 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:24:56.0087 3208 arcsas - ok
21:24:56.0150 3208 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys
21:24:56.0165 3208 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
21:24:56.0165 3208 Aspi32 - detected UnsignedFile.Multi.Generic (1)
21:24:56.0228 3208 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
21:24:56.0259 3208 aswFsBlk - ok
21:24:56.0321 3208 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
21:24:56.0353 3208 aswMonFlt - ok
21:24:56.0368 3208 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
21:24:56.0399 3208 aswRdr - ok
21:24:56.0462 3208 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
21:24:56.0509 3208 aswSnx - ok
21:24:56.0524 3208 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
21:24:56.0571 3208 aswSP - ok
21:24:56.0587 3208 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
21:24:56.0618 3208 aswTdi - ok
21:24:56.0633 3208 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:56.0680 3208 AsyncMac - ok
21:24:56.0727 3208 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:24:56.0727 3208 atapi - ok
21:24:56.0789 3208 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
21:24:56.0836 3208 Avc - ok
21:24:56.0867 3208 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:24:56.0899 3208 b06bdrv - ok
21:24:56.0914 3208 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:24:56.0945 3208 b57nd60x - ok
21:24:56.0977 3208 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:24:57.0008 3208 Beep - ok
21:24:57.0055 3208 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:57.0070 3208 blbdrive - ok
21:24:57.0133 3208 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:24:57.0164 3208 bowser - ok
21:24:57.0179 3208 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:24:57.0211 3208 BrFiltLo - ok
21:24:57.0242 3208 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:24:57.0304 3208 BrFiltUp - ok
21:24:57.0351 3208 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:24:57.0398 3208 BridgeMP - ok
21:24:57.0413 3208 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:24:57.0445 3208 Brserid - ok
21:24:57.0460 3208 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:57.0507 3208 BrSerWdm - ok
21:24:57.0538 3208 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:57.0585 3208 BrUsbMdm - ok
21:24:57.0632 3208 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:57.0663 3208 BrUsbSer - ok
21:24:57.0679 3208 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:24:57.0694 3208 BTHMODEM - ok
21:24:57.0803 3208 catchme - ok
21:24:57.0850 3208 CBDisk (93c568904e116607df2389907a9d8899) C:\Windows\system32\drivers\CBDisk.sys
21:24:57.0913 3208 CBDisk - ok
21:24:57.0928 3208 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:24:57.0959 3208 cdfs - ok
21:24:58.0022 3208 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
21:24:58.0037 3208 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
21:24:58.0037 3208 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
21:24:58.0084 3208 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:24:58.0115 3208 cdrom - ok
21:24:58.0147 3208 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:24:58.0162 3208 circlass - ok
21:24:58.0209 3208 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:24:58.0225 3208 CLFS - ok
21:24:58.0287 3208 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:58.0303 3208 CmBatt - ok
21:24:58.0318 3208 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:24:58.0318 3208 cmdide - ok
21:24:58.0365 3208 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:24:58.0396 3208 CNG - ok
21:24:58.0412 3208 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:24:58.0427 3208 Compbatt - ok
21:24:58.0474 3208 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:58.0505 3208 CompositeBus - ok
21:24:58.0521 3208 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:24:58.0537 3208 crcdisk - ok
21:24:58.0599 3208 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\Windows\system32\drivers\cvintdrv.sys
21:24:58.0615 3208 cvintdrv ( UnsignedFile.Multi.Generic ) - warning
21:24:58.0615 3208 cvintdrv - detected UnsignedFile.Multi.Generic (1)
21:24:58.0677 3208 DELTA (68616be24b24114a0ef09ebead2456d0) C:\Windows\system32\drivers\delta.sys
21:24:58.0693 3208 DELTA ( UnsignedFile.Multi.Generic ) - warning
21:24:58.0693 3208 DELTA - detected UnsignedFile.Multi.Generic (1)
21:24:58.0739 3208 DELTAII (c5b7ac8d8a9237a2510a1092d19a5fa9) C:\Windows\system32\DRIVERS\MAudioDelta.sys
21:24:58.0771 3208 DELTAII - ok
21:24:58.0817 3208 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
21:24:58.0849 3208 DfsC - ok
21:24:58.0880 3208 dgderdrv - ok
21:24:58.0927 3208 DigiNet (e29c215c6d87966e20addcf18c542533) C:\Windows\system32\DRIVERS\diginet.sys
21:24:58.0958 3208 DigiNet - ok
21:24:58.0989 3208 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:24:59.0036 3208 discache - ok
21:24:59.0051 3208 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:24:59.0067 3208 Disk - ok
21:24:59.0098 3208 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:24:59.0129 3208 drmkaud - ok
21:24:59.0223 3208 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:24:59.0270 3208 dtsoftbus01 - ok
21:24:59.0441 3208 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
21:24:59.0473 3208 DXGKrnl - ok
21:24:59.0551 3208 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:24:59.0629 3208 ebdrv - ok
21:24:59.0660 3208 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:24:59.0691 3208 elxstor - ok
21:24:59.0707 3208 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:24:59.0738 3208 ErrDev - ok
21:24:59.0769 3208 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:24:59.0800 3208 exfat - ok
21:24:59.0831 3208 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:24:59.0863 3208 fastfat - ok
21:24:59.0878 3208 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:24:59.0894 3208 fdc - ok
21:24:59.0925 3208 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:24:59.0941 3208 FileInfo - ok
21:24:59.0956 3208 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:25:00.0019 3208 Filetrace - ok
21:25:00.0081 3208 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:00.0112 3208 flpydisk - ok
21:25:00.0143 3208 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:25:00.0159 3208 FltMgr - ok
21:25:00.0175 3208 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:25:00.0190 3208 FsDepends - ok
21:25:00.0206 3208 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:25:00.0221 3208 Fs_Rec - ok
21:25:00.0268 3208 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:25:00.0299 3208 fvevol - ok
21:25:00.0315 3208 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:00.0331 3208 gagp30kx - ok
21:25:00.0393 3208 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\gearaspiwdm.sys
21:25:00.0409 3208 GearAspiWDM - ok
21:25:00.0424 3208 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:25:00.0440 3208 hcw85cir - ok
21:25:00.0471 3208 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:25:00.0502 3208 HdAudAddService - ok
21:25:00.0549 3208 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:00.0580 3208 HDAudBus - ok
21:25:00.0596 3208 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:25:00.0611 3208 HidBatt - ok
21:25:00.0627 3208 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:25:00.0674 3208 HidBth - ok
21:25:00.0689 3208 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:25:00.0705 3208 HidIr - ok
21:25:00.0752 3208 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:25:00.0783 3208 HidUsb - ok
21:25:00.0814 3208 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:25:00.0830 3208 HpSAMD - ok
21:25:00.0861 3208 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:25:00.0892 3208 HTTP - ok
21:25:00.0939 3208 hwdatacard - ok
21:25:00.0970 3208 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:25:00.0986 3208 hwpolicy - ok
21:25:01.0033 3208 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:01.0048 3208 i8042prt - ok
21:25:01.0095 3208 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
21:25:01.0111 3208 iaStorV - ok
21:25:01.0142 3208 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:25:01.0157 3208 iirsp - ok
21:25:01.0251 3208 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys
21:25:01.0360 3208 IntcAzAudAddService - ok
21:25:01.0376 3208 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:25:01.0391 3208 intelide - ok
21:25:01.0423 3208 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:25:01.0438 3208 intelppm - ok
21:25:01.0469 3208 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:01.0501 3208 IpFilterDriver - ok
21:25:01.0532 3208 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:25:01.0563 3208 IPMIDRV - ok
21:25:01.0594 3208 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:25:01.0625 3208 IPNAT - ok
21:25:01.0672 3208 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:25:01.0688 3208 IRENUM - ok
21:25:01.0719 3208 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:25:01.0719 3208 isapnp - ok
21:25:01.0766 3208 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:25:01.0781 3208 iScsiPrt - ok
21:25:01.0813 3208 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:01.0828 3208 kbdclass - ok
21:25:01.0844 3208 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:01.0875 3208 kbdhid - ok
21:25:01.0953 3208 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:25:01.0984 3208 KMWDFILTERx86 - ok
21:25:02.0047 3208 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:25:02.0062 3208 KSecDD - ok
21:25:02.0093 3208 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:25:02.0109 3208 KSecPkg - ok
21:25:02.0156 3208 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:25:02.0203 3208 lltdio - ok
21:25:02.0249 3208 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:02.0265 3208 LSI_FC - ok
21:25:02.0281 3208 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:02.0296 3208 LSI_SAS - ok
21:25:02.0343 3208 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:02.0359 3208 LSI_SAS2 - ok
21:25:02.0374 3208 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:02.0390 3208 LSI_SCSI - ok
21:25:02.0437 3208 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:25:02.0468 3208 luafv - ok
21:25:02.0515 3208 massfilter - ok
21:25:02.0577 3208 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:25:02.0624 3208 MBAMProtector - ok
21:25:02.0686 3208 MDFSYSNT (2c70290d63eb639da23ed667b9ebdf84) C:\Windows\system32\drivers\MDFSYSNT.sys
21:25:02.0749 3208 MDFSYSNT - ok
21:25:02.0764 3208 MDPMGRNT (d94d2e968239ce7f01f2cfa503db57e1) C:\Windows\system32\drivers\MDPMGRNT.sys
21:25:02.0795 3208 MDPMGRNT - ok
21:25:02.0827 3208 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:25:02.0827 3208 megasas - ok
21:25:02.0858 3208 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:02.0873 3208 MegaSR - ok
21:25:02.0936 3208 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:25:02.0998 3208 Modem - ok
21:25:03.0045 3208 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:25:03.0092 3208 monitor - ok
21:25:03.0123 3208 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:25:03.0139 3208 mouclass - ok
21:25:03.0185 3208 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:25:03.0217 3208 mouhid - ok
21:25:03.0248 3208 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:25:03.0263 3208 mountmgr - ok
21:25:03.0279 3208 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:25:03.0295 3208 mpio - ok
21:25:03.0326 3208 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:25:03.0357 3208 mpsdrv - ok
21:25:03.0388 3208 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:25:03.0419 3208 MRxDAV - ok
21:25:03.0497 3208 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:03.0529 3208 mrxsmb - ok
21:25:03.0575 3208 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:03.0607 3208 mrxsmb10 - ok
21:25:03.0653 3208 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:03.0669 3208 mrxsmb20 - ok
21:25:03.0685 3208 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:25:03.0700 3208 msahci - ok
21:25:03.0716 3208 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:25:03.0731 3208 msdsm - ok
21:25:03.0794 3208 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
21:25:03.0841 3208 MSDV - ok
21:25:03.0856 3208 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:25:03.0887 3208 Msfs - ok
21:25:03.0903 3208 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:25:03.0950 3208 mshidkmdf - ok
21:25:03.0981 3208 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:25:03.0997 3208 msisadrv - ok
21:25:04.0043 3208 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:25:04.0075 3208 MSKSSRV - ok
21:25:04.0090 3208 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:04.0121 3208 MSPCLOCK - ok
21:25:04.0153 3208 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:25:04.0184 3208 MSPQM - ok
21:25:04.0199 3208 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:25:04.0215 3208 MsRPC - ok
21:25:04.0246 3208 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:04.0246 3208 mssmbios - ok
21:25:04.0277 3208 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:25:04.0324 3208 MSTEE - ok
21:25:04.0355 3208 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:04.0371 3208 MTConfig - ok
21:25:04.0387 3208 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:25:04.0402 3208 Mup - ok
21:25:04.0480 3208 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:25:04.0511 3208 NativeWifiP - ok
21:25:04.0574 3208 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:25:04.0589 3208 NDIS - ok
21:25:04.0636 3208 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:04.0699 3208 NdisCap - ok
21:25:04.0745 3208 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:04.0761 3208 NdisTapi - ok
21:25:04.0808 3208 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:04.0839 3208 Ndisuio - ok
21:25:04.0855 3208 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:04.0886 3208 NdisWan - ok
21:25:04.0917 3208 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:25:04.0948 3208 NDProxy - ok
21:25:04.0964 3208 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:25:05.0042 3208 NetBIOS - ok
21:25:05.0057 3208 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:25:05.0089 3208 NetBT - ok
21:25:05.0135 3208 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:05.0151 3208 nfrd960 - ok
21:25:05.0167 3208 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:25:05.0198 3208 Npfs - ok
21:25:05.0229 3208 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:25:05.0260 3208 nsiproxy - ok
21:25:05.0338 3208 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
21:25:05.0385 3208 Ntfs - ok
21:25:05.0416 3208 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:25:05.0447 3208 Null - ok
21:25:05.0510 3208 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
21:25:05.0557 3208 NVHDA - ok
21:25:05.0775 3208 nvlddmkm (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:06.0071 3208 nvlddmkm - ok
21:25:06.0149 3208 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
21:25:06.0196 3208 NVNET - ok
21:25:06.0259 3208 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
21:25:06.0274 3208 nvraid - ok
21:25:06.0305 3208 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
21:25:06.0352 3208 nvsmu - ok
21:25:06.0399 3208 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
21:25:06.0415 3208 nvstor - ok
21:25:06.0430 3208 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
21:25:06.0477 3208 nvstor32 - ok
21:25:06.0539 3208 NxpCap (6abc0333409e7ab86ba610bcf5bddf7b) C:\Windows\system32\DRIVERS\NxpCap.sys
21:25:06.0617 3208 NxpCap - ok
21:25:06.0633 3208 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:25:06.0664 3208 ohci1394 - ok
21:25:06.0727 3208 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:25:06.0758 3208 Parport - ok
21:25:06.0789 3208 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:25:06.0805 3208 partmgr - ok
21:25:06.0820 3208 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:25:06.0851 3208 Parvdm - ok
21:25:06.0883 3208 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:25:06.0898 3208 pci - ok
21:25:06.0914 3208 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:25:06.0929 3208 pciide - ok
21:25:06.0945 3208 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:25:06.0961 3208 pcmcia - ok
21:25:07.0023 3208 PCTAppEvent (a69352268f6fdb3c2b4515f224a0e167) C:\Windows\system32\drivers\PCTAppEvent.sys
21:25:07.0039 3208 PCTAppEvent - ok
21:25:07.0070 3208 PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
21:25:07.0117 3208 PCTFW-PacketFilter - ok
21:25:07.0148 3208 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\Windows\System32\drivers\pctgntdi.sys
21:25:07.0195 3208 pctgntdi - ok
21:25:07.0257 3208 pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\Windows\system32\DRIVERS\pctNdis.sys
21:25:07.0304 3208 pctNDIS - ok
21:25:07.0319 3208 pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\Windows\System32\drivers\pctplfw.sys
21:25:07.0366 3208 pctplfw - ok
21:25:07.0382 3208 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:25:07.0397 3208 pcw - ok
21:25:07.0429 3208 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:25:07.0475 3208 PEAUTH - ok
21:25:07.0553 3208 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:25:07.0600 3208 PptpMiniport - ok
21:25:07.0616 3208 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:25:07.0647 3208 Processor - ok
21:25:07.0709 3208 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:25:07.0741 3208 Psched - ok
21:25:07.0803 3208 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\DRIVERS\PxHelp20.sys
21:25:07.0834 3208 PxHelp20 - ok
21:25:07.0897 3208 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:25:07.0943 3208 ql2300 - ok
21:25:07.0975 3208 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:25:07.0990 3208 ql40xx - ok
21:25:08.0006 3208 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:25:08.0037 3208 QWAVEdrv - ok
21:25:08.0068 3208 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:25:08.0115 3208 RasAcd - ok
21:25:08.0146 3208 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:08.0193 3208 RasAgileVpn - ok
21:25:08.0209 3208 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:08.0271 3208 Rasl2tp - ok
21:25:08.0302 3208 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:08.0349 3208 RasPppoe - ok
21:25:08.0365 3208 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:25:08.0411 3208 RasSstp - ok
21:25:08.0443 3208 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:25:08.0474 3208 rdbss - ok
21:25:08.0489 3208 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:25:08.0521 3208 rdpbus - ok
21:25:08.0536 3208 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:25:08.0583 3208 RDPCDD - ok
21:25:08.0614 3208 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:25:08.0645 3208 RDPENCDD - ok
21:25:08.0661 3208 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:25:08.0677 3208 RDPREFMP - ok
21:25:08.0708 3208 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
21:25:08.0739 3208 RDPWD - ok
21:25:08.0755 3208 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:25:08.0770 3208 rdyboost - ok
21:25:08.0864 3208 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:25:08.0895 3208 rspndr - ok
21:25:08.0957 3208 RTL8192su (9ce8deffaffccbf473015d76ae8ee514) C:\Windows\system32\DRIVERS\RTL8192su.sys
21:25:09.0004 3208 RTL8192su - ok
21:25:09.0067 3208 SANDRA - ok
21:25:09.0113 3208 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:25:09.0129 3208 sbp2port - ok
21:25:09.0145 3208 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:25:09.0176 3208 scfilter - ok
21:25:09.0207 3208 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:25:09.0254 3208 secdrv - ok
21:25:09.0316 3208 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\Windows\System32\Drivers\SENTINEL.SYS
21:25:09.0332 3208 Sentinel - ok
21:25:09.0347 3208 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:25:09.0379 3208 Serenum - ok
21:25:09.0410 3208 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:25:09.0425 3208 Serial - ok
21:25:09.0441 3208 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:25:09.0488 3208 sermouse - ok
21:25:09.0613 3208 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:25:09.0675 3208 sffdisk - ok
21:25:09.0753 3208 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:25:09.0784 3208 sffp_mmc - ok
21:25:09.0815 3208 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:25:09.0847 3208 sffp_sd - ok
21:25:09.0862 3208 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:25:09.0878 3208 sfloppy - ok
21:25:09.0909 3208 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:25:09.0925 3208 sisagp - ok
21:25:09.0940 3208 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:25:09.0956 3208 SiSRaid2 - ok
21:25:09.0971 3208 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:25:09.0987 3208 SiSRaid4 - ok
21:25:10.0003 3208 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:25:10.0034 3208 Smb - ok
21:25:10.0096 3208 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:25:10.0112 3208 spldr - ok
21:25:10.0190 3208 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
21:25:10.0190 3208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:25:10.0190 3208 sptd ( LockedFile.Multi.Generic ) - warning
21:25:10.0190 3208 sptd - detected LockedFile.Multi.Generic (1)
21:25:10.0237 3208 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
21:25:10.0268 3208 srv - ok
21:25:10.0315 3208 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
21:25:10.0346 3208 srv2 - ok
21:25:10.0361 3208 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
21:25:10.0393 3208 srvnet - ok
21:25:10.0455 3208 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:25:10.0471 3208 stexstor - ok
21:25:10.0517 3208 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:25:10.0533 3208 swenum - ok
21:25:10.0658 3208 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
21:25:10.0705 3208 Tcpip - ok
21:25:10.0736 3208 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
21:25:10.0767 3208 TCPIP6 - ok
21:25:10.0798 3208 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:25:10.0829 3208 tcpipreg - ok
21:25:10.0845 3208 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:25:10.0892 3208 TDPIPE - ok
21:25:10.0907 3208 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:25:10.0954 3208 TDTCP - ok
21:25:10.0985 3208 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:25:11.0017 3208 tdx - ok
21:25:11.0048 3208 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:25:11.0063 3208 TermDD - ok
21:25:11.0110 3208 TPkd (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
21:25:11.0126 3208 TPkd ( UnsignedFile.Multi.Generic ) - warning
21:25:11.0126 3208 TPkd - detected UnsignedFile.Multi.Generic (1)
21:25:11.0204 3208 TrufosAlt (d7e5ea5e740b566344a41fd9c525dccd) C:\Windows\system32\DRIVERS\TrufosAlt.sys
21:25:11.0251 3208 TrufosAlt - ok
21:25:11.0282 3208 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:11.0313 3208 tssecsrv - ok
21:25:11.0329 3208 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:25:11.0375 3208 tunnel - ok
21:25:11.0407 3208 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:25:11.0407 3208 uagp35 - ok
21:25:11.0438 3208 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:25:11.0485 3208 udfs - ok
21:25:11.0531 3208 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:25:11.0547 3208 uliagpkx - ok
21:25:11.0578 3208 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:25:11.0609 3208 umbus - ok
21:25:11.0641 3208 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:25:11.0687 3208 UmPass - ok
21:25:11.0750 3208 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
21:25:11.0765 3208 USBAAPL - ok
21:25:11.0781 3208 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:11.0812 3208 usbccgp - ok
21:25:11.0843 3208 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:25:11.0875 3208 usbcir - ok
21:25:11.0921 3208 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
21:25:11.0953 3208 usbehci - ok
21:25:11.0968 3208 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
21:25:11.0999 3208 usbhub - ok
21:25:12.0015 3208 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
21:25:12.0062 3208 usbohci - ok
21:25:12.0124 3208 USBPNPA (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys
21:25:12.0187 3208 USBPNPA - ok
21:25:12.0233 3208 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:25:12.0249 3208 usbprint - ok
21:25:12.0311 3208 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:25:12.0358 3208 usbscan - ok
21:25:12.0389 3208 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:12.0421 3208 USBSTOR - ok
21:25:12.0452 3208 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
21:25:12.0467 3208 usbuhci - ok
21:25:12.0530 3208 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
21:25:12.0592 3208 VClone - ok
21:25:12.0623 3208 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:25:12.0639 3208 vdrvroot - ok
21:25:12.0670 3208 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:12.0701 3208 vga - ok
21:25:12.0717 3208 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:25:12.0748 3208 VgaSave - ok
21:25:12.0779 3208 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:25:12.0795 3208 vhdmp - ok
21:25:12.0842 3208 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:25:12.0857 3208 viaagp - ok
21:25:12.0873 3208 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:25:12.0904 3208 ViaC7 - ok
21:25:12.0920 3208 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:25:12.0935 3208 viaide - ok
21:25:12.0951 3208 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:25:12.0967 3208 volmgr - ok
21:25:12.0982 3208 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:25:13.0013 3208 volmgrx - ok
21:25:13.0029 3208 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:25:13.0045 3208 volsnap - ok
21:25:13.0076 3208 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:25:13.0091 3208 vsmraid - ok
21:25:13.0123 3208 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:25:13.0154 3208 vwifibus - ok
21:25:13.0185 3208 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:25:13.0201 3208 vwififlt - ok
21:25:13.0247 3208 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:25:13.0279 3208 vwifimp - ok
21:25:13.0325 3208 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:25:13.0341 3208 WacomPen - ok
21:25:13.0372 3208 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:13.0419 3208 WANARP - ok
21:25:13.0419 3208 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:13.0450 3208 Wanarpv6 - ok
21:25:13.0481 3208 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:25:13.0497 3208 Wd - ok
21:25:13.0528 3208 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:25:13.0559 3208 Wdf01000 - ok
21:25:13.0606 3208 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:13.0637 3208 WfpLwf - ok
21:25:13.0669 3208 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:25:13.0684 3208 WIMMount - ok
21:25:13.0762 3208 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
21:25:13.0778 3208 WinUsb - ok
21:25:13.0825 3208 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:25:13.0856 3208 WmiAcpi - ok
21:25:13.0934 3208 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:25:13.0965 3208 ws2ifsl - ok
21:25:13.0996 3208 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:25:14.0043 3208 WudfPf - ok
21:25:14.0059 3208 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:14.0090 3208 WUDFRd - ok
21:25:14.0137 3208 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\system32\Drivers\x10hid.sys
21:25:14.0183 3208 X10Hid - ok
21:25:14.0215 3208 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys
21:25:14.0261 3208 XUIF - ok
21:25:14.0293 3208 ZTEusbmdm6k - ok
21:25:14.0324 3208 ZTEusbnmea - ok
21:25:14.0339 3208 ZTEusbser6k - ok
21:25:14.0371 3208 MBR (0x1B8) (4624822e540ec83cd0819525c65846ba) \Device\Harddisk0\DR0
21:25:16.0835 3208 \Device\Harddisk0\DR0 - ok
21:25:16.0851 3208 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:25:17.0007 3208 \Device\Harddisk1\DR1 - ok
21:25:17.0007 3208 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk5\DR5
21:25:17.0615 3208 \Device\Harddisk5\DR5 - ok
21:25:17.0631 3208 Boot (0x1200) (3a407b31bca895c0adae103ed0f2e02b) \Device\Harddisk0\DR0\Partition0
21:25:17.0647 3208 \Device\Harddisk0\DR0\Partition0 - ok
21:25:17.0647 3208 Boot (0x1200) (d904f6121a4da07ec83e17e342e460e5) \Device\Harddisk0\DR0\Partition1
21:25:17.0647 3208 \Device\Harddisk0\DR0\Partition1 - ok
21:25:17.0678 3208 Boot (0x1200) (20f09478653ee4076f7977ed937f5db9) \Device\Harddisk0\DR0\Partition2
21:25:17.0678 3208 \Device\Harddisk0\DR0\Partition2 - ok
21:25:17.0678 3208 Boot (0x1200) (58299b799d6b4effc6d9bd70558c30d1) \Device\Harddisk1\DR1\Partition0
21:25:17.0678 3208 \Device\Harddisk1\DR1\Partition0 - ok
21:25:17.0693 3208 Boot (0x1200) (2978f59839cd7d0d217c68d4af7fda7f) \Device\Harddisk1\DR1\Partition1
21:25:17.0693 3208 \Device\Harddisk1\DR1\Partition1 - ok
21:25:17.0693 3208 Boot (0x1200) (34705302c7f18813608e4d40945ac0da) \Device\Harddisk5\DR5\Partition0
21:25:17.0693 3208 \Device\Harddisk5\DR5\Partition0 - ok
21:25:17.0693 3208 ============================================================
21:25:17.0693 3208 Scan finished
21:25:17.0693 3208 ============================================================
21:25:17.0709 2956 Detected object count: 7
21:25:17.0709 2956 Actual detected object count: 7
21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - skipped by user
21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - User select action: Skip
21:25:40.0625 2956 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0641 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:25:40.0641 2956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:25:40.0641 2956 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0641 2956 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip


-----------------------------------------------------------------------

Dann ist mir noch was eingefallen, was vielleicht von Bedeutung ist:

Gestern habe ich per vorschneller Selbstdiagnose folgenden Link gefunden. Der letzte Schritt, der bei diesem User zum Erfolg geführt hat (regedit über eine Notpad Datei modifizieren) habe ich nachgeahmt. Sicher ein dummer Move!?

hxxp://www.help2go.com/forum/spyware-help/108481-same-error-turqoise-avast-10050-error-no-updates-no-firewall-unhandled-excep-2.html


Danke schon mal für eine super Hilfe bis hier hin!!!

Alt 07.02.2012, 20:37   #12
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



bitte mal alle funde mit ZAccess für cure auswählen.
dann neustarten und erneut scannen.
dann: nutzt du das system für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie zb berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2012, 21:00   #13
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hi!

also beim Neustarten hatte ich mal wieder nen Bluescreen. Muss nicht mit dem eigentlichen Problem zusammenhängen, aber ich poste mal die letzten 3 crash-reports von blueScreenView:

==================================================
Dump File : 020712-25958-01.dmp
Crash Time : 07.02.2012 21:38:50
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904fb
Parameter 2 : 0xc1be8388
Parameter 3 : 0xc1be7f60
Parameter 4 : 0xe44d4ee6
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+14251
File Description : NT-Dateisystemtreiber
Product Name : Betriebssystem Microsoft® Windows®
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+dce34
Stack Address 1 : Ntfs.sys+14251
Stack Address 2 : Ntfs.sys+deb48
Stack Address 3 : Ntfs.sys+dec19
Computer Name :
Full Path : C:\Windows\Minidump\020712-25958-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 153'960
==================================================

==================================================
Dump File : 020612-31012-01.dmp
Crash Time : 06.02.2012 13:49:13
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0xac11e650
Parameter 3 : 0xb2b919a0
Parameter 4 : 0xb2b91580
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+270
File Description : avast! self protection module
Product Name : avast! Antivirus System
Company : AVAST Software
File Version : 6.0.1289.0
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 : ntkrnlpa.exe+1a3744
Computer Name :
Full Path : C:\Windows\Minidump\020612-31012-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 160'784
==================================================

==================================================
Dump File : 020412-27346-01.dmp
Crash Time : 04.02.2012 18:30:19
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x000007c8
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xb0dce80a
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+99e602
File Description : NVIDIA Windows Kernel Mode Driver, Version 267.24
Product Name : NVIDIA Windows Kernel Mode Driver, Version 267.24
Company : NVIDIA Corporation
File Version : 8.17.12.6724
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4686b
Stack Address 1 : CLASSPNP.SYS+480a
Stack Address 2 : ntkrnlpa.exe+68c73
Stack Address 3 : storport.sys+29f8
Computer Name :
Full Path : C:\Windows\Minidump\020412-27346-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 158'760
==================================================

TDSSKiller habe ich den ZAccess curen lassen - nach dem Neustart hat er ihn aber wiedergefunden. Der Ende des entsprechenden Logs:

21:49:23.0230 2860 Detected object count: 2
21:49:23.0230 2860 Actual detected object count: 2
21:49:35.0695 2860 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:49:39.0314 2860 Backup copy not found, trying to cure infected file..
21:49:39.0361 2860 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
21:49:39.0361 2860 C:\Windows\system32\drivers\afd.sys - processing error
21:49:41.0482 2860 AFD ( Virus.Win32.ZAccess.l ) - User select action: Cure
21:49:41.0482 2860 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:49:41.0482 2860 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Und ja: Ich nutze den Rechner für all solche Dinge wie Paypal, Onlinebanking, Ebay etc... Muss ich mir Sorgen machen?

Alt 08.02.2012, 11:59   #14
markusg
/// Malware-holic
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



hi,
also, bitte sofort die bank anrufen, onlinebanking muss gesperrt werden.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.02.2012, 17:07   #15
benkah
 
Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Standard

Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?



Hallo Markus,

oh jeee! Warum denkst Du dass man in diesem Fall die letzte Konsequenz (Neuaufsetzen) ziehen muss? Wer oder was hat sich da Zugang verschafft? Ich sichere momentan meine gesamten Daten - dauert leider ein wenig bei der Menge. Online-Banking und Passwörter sind jetzt abgeschaltet bzw. geändert.

Ich habe hier einen Fertig-Pc mit Win7 Recovery-Cd. Hab ich noch nie gemacht, aber bekomme ich schon hin. Muss ich irgendwas beachten?

Und: Wie sichere ich meinen neuaufgesetzten PC ab?

Vielen Dank und liebe Grüße,
Benkah

Antwort

Themen zu Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?
avast, checken, code, combofix, dringend, drucker, fehler, fehlermeldung, gen, google, hallo zusammen, infektion, internet, internetverbindung, mails, neustart, nicht mehr, problem, rootkit.zeroaccess, suche, tools, verbindung, virus, w-lan, win



Ähnliche Themen: Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?


  1. Nerviges ZeroAccess / TDSS Rootkit (?) entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.07.2015 (1)
  2. Avast: Infektion blockiert , Infektion: URL:Mal (bei Ebay.de)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (3)
  3. Windows Server 2008 R2: ZeroAccess Rootkit?
    Log-Analyse und Auswertung - 30.08.2013 (3)
  4. ZeroAccess rootkit - mistviech
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (21)
  5. Virus, $Recycle.Bin ZeroAccess-Rootkit
    Log-Analyse und Auswertung - 21.05.2013 (14)
  6. Verdacht auf ZeroAccess Rootkit
    Log-Analyse und Auswertung - 23.04.2013 (7)
  7. Rootkit Infektion, danach Windows-Neuinstallation, GMER zeigt erneut Rootkit Aktivitäten an (Avast! false positive?)
    Log-Analyse und Auswertung - 05.03.2013 (2)
  8. Mögliche Infektion mit ZeroAccess
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (11)
  9. Infektion mit System Progressive Protection | ZeroAccess
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (38)
  10. Mögliche Infektion mit ZeroAccess
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (1)
  11. Nach ZeroAccess-Infektion Problem mit Bereinigung
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (3)
  12. Trojan.gen/ Rootkit Zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (4)
  13. ZeroAccess - E Wind64 [Rootkit]
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (0)
  14. Rootkit.Zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (35)
  15. ZeroAccess Rootkit und AbNow Google Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (5)
  16. mediashifting - rootkit.zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 17.02.2012 (14)
  17. Rootkit ZeroAccess ???
    Plagegeister aller Art und deren Bekämpfung - 14.10.2011 (8)

Zum Thema Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? - Hallo zusammen, ich bin am verzweifeln! Ich habe mir gestern im Netz wohl einen schlimmen Virus eingefangen und kann per google und Selbstdiagnose jetzt nix mehr ausrichten. Daher wende ich - Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?...
Archiv
Du betrachtest: Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.