
Pests of all kinds and how to fight them: first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c


22.02.2012, 23:24   #1
zion418

first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c

Hello everyone!

I've been fighting with this malware for a few days; maybe someone can help me out...

I'm using Vista 32-bit SP1.
I get the message from Kaspersky: Virus.Win32.ZAccess.aml!
After a bit of googling I found the tool "TDSSKiller" on Kaspersky's support site...

It does find 1-2 files each time, but after the reboot Kaspersky warns me again... (so it didn't help)

Since the first virus warning, some programs (iTunes, Outlook, ...) no longer start, or they start but the program stops responding after launch. Then I get a blue screen roughly every hour. And on top of that, Safe Mode won't start any more either (the same blue screen appears there too).

And now I'm getting the Kaspersky warning "Virus.Win32.ZAccess.c"
same game...

At the moment I got the very first virus warning from Kaspersky, my Firefox closed itself at the same time; I don't think that was a coincidence....

Maybe someone can help me.

Thx4Support
Zion418

Code:
OTL logfile created on: 23.02.2012 00:07:35 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\home\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,94% Memory free
6,23 Gb Paging File | 4,64 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,21 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive D: | 164,51 Gb Total Space | 9,54 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
 
Computer Name: ZENTRUM | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012.02.22 23:15:42 | 000,183,808 | ---- | M] () -- C:\Windows\Temp\pyacmg\setup.exe
PRC - [2012.02.19 02:17:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 12:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 12:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.17 21:08:54 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2011.02.24 11:59:08 | 002,000,712 | ---- | M] (Comfort Software Group) -- C:\Programme\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011.01.07 14:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2010.04.03 11:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.23 09:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.19 13:41:26 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Programme\Brownie\brpjp04a.exe
PRC - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
PRC - [2008.01.18 22:33:34 | 000,021,504 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.19 02:17:50 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.04 15:54:16 | 000,930,304 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.22 13:29:18 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.17 21:07:38 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.02.28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.17 15:46:20 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\cpuutil.dll
MOD - [2006.05.25 16:18:08 | 000,106,548 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowNap.dll
MOD - [2005.06.22 16:39:56 | 000,204,851 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowerDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (msmpsvc)
SRV - File not found [Auto | Stopped] --  -- (d-link_st3402)
SRV - File not found [Auto | Stopped] --  -- (CTAudSvcService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.18 22:33:34 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\rt2870.dll -- (netcfgsvr)
SRV - [2007.05.15 14:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.04.17 21:07:38 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2011.04.17 21:07:38 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.04.17 20:53:19 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.04.21 11:39:16 | 001,397,760 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008.01.18 20:56:00 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2007.08.17 14:14:44 | 000,891,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.05.15 14:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.05.15 14:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.05.15 14:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.12 14:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 02:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 01:54:18 | 000,000,000 | ---D | M]
 
[2011.04.17 21:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions
[2011.12.07 19:53:56 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.07.20 17:46:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.29 18:25:29 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\formhistory@yahoo.com
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (SenSEO) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\senseo@nicosteiner.de
[2011.11.20 23:30:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com
[2011.11.10 02:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.19 08:09:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.17 22:19:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.04.17 22:19:50 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\MEMORYRESTART@TEAMEXTENSION.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.19 02:17:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.01 23:15:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 00:18:25 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.01 23:15:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.01 23:15:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.01 23:15:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.01 23:15:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.01 23:15:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=8e877628000000000000001e8c652b00
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Skype Click to Call = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
CHR - Extension: Anti-Banner = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D7E3FC-5E67-423D-AC08-F747BA92D711}: DhcpNameServer = 194.24.128.100 81.3.216.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75389769-4D5D-441C-B3D6-DB5A198B1133}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95229565-8240-45A6-BBA8-D5998918FA17}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell - "" = AutoRun
O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.23 00:00:39 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.02.23 00:00:14 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otl4_htm
[2012.02.22 23:59:45 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otlv4_h
[2012.02.22 21:16:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.22 21:16:10 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2012.02.22 21:15:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SpeedyPC Software
[2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\DriverCure
[2012.02.21 02:44:14 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012.02.21 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\home\DoctorWeb
[2012.02.20 14:13:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.20 14:12:47 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe
[2012.02.19 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\dvdcss
[2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Uxul
[2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Tuip
[2012.02.15 05:40:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Download Manager
[2012.02.14 23:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.02.14 23:16:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.09 02:40:34 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Release
[2012.02.08 00:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.02.08 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Babylon
[2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Babylon
[2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 23:55:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\FileZilla
[2012.02.07 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\CesarFTP
[2012.02.07 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Xenocode
[2012.02.06 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AORDB_Release
[2012.02.01 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\eno
[2012.01.29 22:12:48 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.27 02:41:51 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AOR_Release2
[2012.01.27 02:39:58 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\aor
[2012.01.27 01:56:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2005
[2012.01.27 01:50:30 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2012.01.27 01:50:14 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
[2012.01.27 01:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Component
[2012.01.27 01:49:12 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Task
[2012.01.27 01:48:51 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\SQL Server Management Studio
[2012.01.27 01:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2012.01.27 01:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012.01.27 01:43:09 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2008
[2012.01.27 01:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.01.27 01:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.01.27 01:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.27 01:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.27 01:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012.01.27 01:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell V2 (CTP3)
[2012.01.27 01:34:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.01.27 01:18:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012.01.27 01:18:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012.01.27 01:18:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012.01.27 01:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2012.01.27 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Microsoft_Corporation
[2012.01.27 01:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.27 00:50:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2012.01.27 00:50:37 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012.01.24 03:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.01.24 03:15:44 | 004,990,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVStWiz.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job
[2012.02.23 00:03:12 | 000,000,164 | -HS- | M] () -- C:\Windows\KLIF.spi
[2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.02.23 00:00:12 | 002,886,775 | ---- | M] () -- C:\Users\home\Desktop\otl4_htm.zip
[2012.02.22 23:59:36 | 000,132,237 | ---- | M] () -- C:\Users\home\Desktop\otlv4_h.zip
[2012.02.22 23:20:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
[2012.02.22 23:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.22 23:15:49 | 000,000,321 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.02.22 23:15:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 23:15:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.22 23:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 23:15:36 | 3218,436,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.22 23:14:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.22 22:06:08 | 000,695,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 22:06:08 | 000,139,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 22:01:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.22 21:56:10 | 000,164,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.22 21:56:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.22 21:46:29 | 403,230,807 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.02.22 21:15:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.22 18:20:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
[2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.02.21 02:42:02 | 000,001,205 | ---- | M] () -- C:\Users\home\Desktop\FixNCR1.reg
[2012.02.20 23:38:00 | 000,001,456 | ---- | M] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.20 23:37:59 | 000,860,250 | ---- | M] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg
[2012.02.20 14:12:49 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe
[2012.02.19 18:37:50 | 000,040,448 | ---- | M] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 04:07:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.02.08 00:19:48 | 000,001,822 | ---- | M] () -- C:\Users\home\Desktop\JDownloader.lnk
[2012.02.08 00:18:40 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.02 19:37:17 | 000,000,916 | ---- | M] () -- C:\Users\home\Desktop\Dropbox.lnk
[2012.02.02 19:37:17 | 000,000,896 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.01 18:20:05 | 003,727,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.27 01:01:24 | 000,026,742 | ---- | M] () -- C:\Users\home\Desktop\create_db_AOR.sql
[2012.01.26 23:16:44 | 000,014,316 | ---- | M] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf
[2012.01.26 23:14:24 | 000,014,322 | ---- | M] () -- C:\Users\home\Desktop\WAHLARZT.pdf
[2012.01.26 02:07:17 | 000,190,885 | ---- | M] () -- C:\Users\home\Desktop\hebr-500.pdf
[2012.01.24 03:15:22 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.23 00:02:34 | 000,000,164 | -HS- | C] () -- C:\Windows\KLIF.spi
[2012.02.23 00:00:03 | 002,886,775 | ---- | C] () -- C:\Users\home\Desktop\otl4_htm.zip
[2012.02.22 23:59:34 | 000,132,237 | ---- | C] () -- C:\Users\home\Desktop\otlv4_h.zip
[2012.02.22 21:15:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 02:44:28 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.02.21 02:44:13 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.02.21 02:44:12 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.02.21 02:42:01 | 000,001,205 | ---- | C] () -- C:\Users\home\Desktop\FixNCR1.reg
[2012.02.20 23:37:57 | 000,860,250 | ---- | C] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg
[2012.02.19 05:05:01 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.08 00:19:48 | 000,001,822 | ---- | C] () -- C:\Users\home\Desktop\JDownloader.lnk
[2012.02.08 00:19:41 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.02.08 00:19:41 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.02.08 00:19:41 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.08 00:18:40 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.01.27 01:01:23 | 000,026,742 | ---- | C] () -- C:\Users\home\Desktop\create_db_AOR.sql
[2012.01.26 23:16:44 | 000,014,316 | ---- | C] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf
[2012.01.26 23:14:24 | 000,014,322 | ---- | C] () -- C:\Users\home\Desktop\WAHLARZT.pdf
[2012.01.26 02:07:17 | 000,190,885 | ---- | C] () -- C:\Users\home\Desktop\hebr-500.pdf
[2012.01.24 03:17:39 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.01.24 03:17:31 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.24 03:17:05 | 3218,436,096 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.07 22:46:00 | 000,000,068 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.13 03:29:51 | 000,125,000 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.13 01:06:01 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe
[2011.06.16 17:38:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2011.04.30 19:25:36 | 000,000,600 | ---- | C] () -- C:\Users\home\AppData\Local\PUTTY.RND
[2011.04.28 13:22:00 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.23 01:20:04 | 000,000,290 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.04.21 21:15:18 | 000,139,264 | ---- | C] () -- C:\Windows\Vmix106.dll
[2011.04.21 21:15:17 | 000,495,616 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe
[2011.04.21 21:15:17 | 000,000,272 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2011.04.21 21:14:28 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.04.21 21:14:28 | 000,004,599 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2011.04.21 21:14:28 | 000,003,067 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2011.04.21 21:14:27 | 000,000,625 | ---- | C] () -- C:\Windows\cm106.ini
[2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak.bak
[2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak
[2011.04.21 17:44:08 | 000,000,051 | ---- | C] () -- C:\Windows\FILEDG32.ini
[2011.04.21 14:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.21 14:53:57 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI
[2011.04.21 14:52:51 | 000,000,321 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.04.21 14:46:57 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.21 10:33:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 00:51:24 | 000,040,448 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:51:44 | 000,001,456 | ---- | C] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.18 03:39:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.18 03:39:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.18 01:31:01 | 000,071,680 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011.04.17 22:14:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.04.17 21:08:11 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.04.17 21:08:11 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.04.17 21:08:02 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011.04.17 21:08:02 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011.04.17 21:07:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.04.17 20:59:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.17 20:59:45 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.17 20:39:59 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
 
========== LOP Check ==========
 
[2011.05.21 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AUTOSICH
[2012.02.08 00:18:17 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon
[2011.04.23 02:13:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\cbuenger
[2012.01.29 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.18 01:17:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DAEMON Tools Lite
[2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DriverCure
[2012.02.22 23:16:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox
[2011.08.10 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoft
[2011.08.10 00:14:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.07 23:56:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FileZilla
[2011.04.17 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\GHISLER
[2011.05.19 03:10:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\IrfanView
[2012.02.17 00:33:49 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MySQL
[2011.09.28 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Quite
[2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpeedyPC Software
[2011.04.18 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.10 02:57:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TeamViewer
[2012.02.12 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\toolplugin
[2012.02.19 05:26:07 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Tuip
[2012.02.08 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\uTorrent
[2012.02.19 16:51:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Uxul
[2011.10.05 01:42:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\XMedia Recode
[2012.02.22 23:14:34 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19048
home :: ZENTRUM [Administrator]

Schutz: Aktiviert

22.02.2012 22:01:13
mbam-log-2012-02-22 (23-12-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433780
Laufzeit: 1 Stunde(n), 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AZF7W1VWEMSSS (Trojan.SpyEyes) -> Daten: C:\Recycle.Bin\B6232F3ABA7.exe /q -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\4B15856F7B043CD (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

(Ende)
         

Old 23.02.2012, 07:18   #2
Larusso
/// Selecta Jahrusso
 



http://www.trojaner-board.de/69886-a...-beachten.html

Old 24.02.2012, 00:13   #3
zion418
 



So, attached is the complete information:

DDS, Attach and GMER are included in the attachment.

DDS
Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19048  BrowserJavaVersion: 1.6.0_26
Run by home at 23:48:45 on 2012-02-23
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.3071.1752 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.65\aaCenter.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uWindow Title = Windows Internet Explorer bereitgestellt von T-Online.de
uDefault_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [FreeCT] c:\program files\freecountdowntimer\FreeCountdownTimer.exe -autorun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
mRun: [<NO NAME>] 
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\home\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: In Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{27D7E3FC-5E67-423D-AC08-F747BA92D711} : DhcpNameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{75389769-4D5D-441C-B3D6-DB5A198B1133} : DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{95229565-8240-45A6-BBA8-D5998918FA17} : DhcpNameServer = 212.186.211.21 195.34.133.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\home\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-18 218688]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 23856]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe -r [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-22 652360]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-19 2337144]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2011-4-17 46592]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-22 20464]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2011-4-17 891392]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2008-4-21 1397760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-02-22 20:16:10	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16:10	--------	d-----w-	c:\users\home\appdata\roaming\Malwarebytes
2012-02-22 20:15:56	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-22 20:15:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-22 20:15:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-21 01:44:19	--------	d-----w-	c:\users\home\appdata\roaming\SpeedyPC Software
2012-02-21 01:44:19	--------	d-----w-	c:\users\home\appdata\roaming\DriverCure
2012-02-21 01:44:10	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-02-21 01:44:10	--------	d-----w-	c:\program files\SpeedyPC Software
2012-02-21 01:44:10	--------	d-----w-	c:\program files\common files\SpeedyPC Software
2012-02-20 23:57:19	--------	d-----w-	c:\users\home\DoctorWeb
2012-02-20 13:13:40	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-19 04:20:02	--------	d-----w-	c:\users\home\appdata\roaming\Uxul
2012-02-19 04:20:02	--------	d-----w-	c:\users\home\appdata\roaming\Tuip
2012-02-19 04:05:01	0	--sha-w-	c:\windows\system32\dds_trash_log.cmd
2012-02-07 23:19:20	--------	d-----w-	c:\program files\JDownloader
2012-02-07 23:18:22	--------	d-----w-	c:\users\home\appdata\local\Babylon
2012-02-07 23:18:17	--------	d-----w-	c:\users\home\appdata\roaming\Babylon
2012-02-07 23:18:17	--------	d-----w-	c:\programdata\Babylon
2012-02-07 22:42:54	--------	d-----w-	c:\program files\CesarFTP
2012-02-07 21:03:06	--------	d-----w-	c:\users\home\appdata\local\Xenocode
2012-01-29 21:12:48	--------	d-----w-	c:\users\home\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50:30	47456	----a-w-	c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50:14	73568	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49:50	348256	----a-w-	c:\programdata\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49:36	348256	----a-w-	c:\programdata\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2012-01-27 00:48:09	--------	d-----w-	c:\windows\system32\RsFx
2012-01-27 00:43:10	416	----a-w-	c:\programdata\microsoft\msdn\9.0\1033\ResourceCache.dll
2012-01-27 00:41:20	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-01-27 00:40:58	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40:55	--------	d-----w-	c:\windows\system32\1033
2012-01-27 00:18:30	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18:30	49472	----a-w-	c:\windows\system32\netfxperf.dll
2012-01-27 00:18:30	297808	----a-w-	c:\windows\system32\mscoree.dll
2012-01-27 00:18:30	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2012-01-27 00:18:30	1130824	----a-w-	c:\windows\system32\dfshim.dll
2012-01-27 00:02:16	--------	d-----w-	c:\users\home\appdata\local\Microsoft_Corporation
2012-01-27 00:00:54	--------	d-----w-	c:\program files\Microsoft SQL Server
2012-01-26 23:50:38	2560	----a-w-	c:\windows\system32\msimsg.dll
2012-01-26 23:50:37	73216	----a-w-	c:\windows\system32\msiexec.exe
2012-01-26 23:50:37	332800	----a-w-	c:\windows\system32\msihnd.dll
2012-01-26 23:50:37	2241536	----a-w-	c:\windows\system32\msi.dll
.
==================== Find3M  ====================
.
2012-02-22 23:21:54	71680	----a-w-	c:\windows\system32\drivers\tdx.sys
2012-02-22 20:46:22	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-21 11:08:38	184320	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-02-21 01:14:17	83456	----a-w-	c:\windows\system32\drivers\serial.sys
2012-02-20 23:05:44	67072	----a-w-	c:\windows\system32\drivers\cdrom.sys
2012-02-20 13:14:41	66560	----a-w-	c:\windows\system32\drivers\smb.sys
.
============= FINISH: 23:49:40,56 ===============
         
__________________

Alt 24.02.2012, 06:35   #4
Larusso
/// Selecta Jahrusso
 
first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c



Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the logfile.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
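As an added illustration of the TDSSKiller log format (this is editor-supplied example code, not code from the thread, from Kaspersky or from the helper): a small Python parser that pulls the infected, detected and suspicious entries out of a scan log so they can be reviewed before anyone decides between Cure and Skip. The sample lines are constructed from the log posted in this thread; the regular expressions and the record structure are my assumptions about the format.

```python
"""Parse a TDSSKiller scan log and list the entries that need a second look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.7.14.0 lines posted in this thread.
SAMPLE_LOG = (
    "11:26:09.0425 4616\tKL1             (186b54479d98e48aee0e9ada4b3c4d31) C:\\Windows\\system32\\DRIVERS\\kl1.sys\n"
    "11:26:09.0428 4616\tKL1 - ok\n"
    "11:26:09.0527 4616\tKLIF            (e00ea9dbb1df13f8a39700cc723eeb63) C:\\Windows\\system32\\DRIVERS\\klif.sys\n"
    "11:26:09.0527 4616\tSuspicious file (NoAccess): C:\\Windows\\system32\\DRIVERS\\klif.sys. md5: e00ea9dbb1df13f8a39700cc723eeb63\n"
    "11:26:09.0529 4616\tKLIF ( Virus.Win32.ZAccess.c ) - infected\n"
    "11:26:09.0529 4616\tKLIF - detected Virus.Win32.ZAccess.c (0)\n"
    "11:26:09.0573 4616\tKLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\\Windows\\system32\\DRIVERS\\klim6.sys\n"
    "11:26:09.0574 4616\tKLIM6 - ok\n"
    "11:26:06.0530 4616\tblbdrive - ok\n"
)

# Every log line: timestamp, thread id, a tab, then the message (assumed layout).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)\t(.*)$")
# "NAME   (md5) path": the file backing a driver/service entry.
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "NAME - ok" or "NAME ( Threat.Name ) - infected".
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>ok|infected)$")
# "Suspicious file (Reason): path. md5: hash".
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "NAME - detected Threat.Name (n)".
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \((?P<count>\d+)\)$")


@dataclass
class DriverRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None      # "ok" or "infected"; None if the scanner gave no verdict
    threat: Optional[str] = None       # e.g. "Virus.Win32.ZAccess.c"
    suspicious: Optional[str] = None   # reason from a "Suspicious file (...)" line, e.g. "NoAccess"

    def needs_attention(self) -> bool:
        return self.verdict == "infected" or self.threat is not None or self.suspicious is not None


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Return one record per scanned object, keyed by its service/driver name."""
    records: Dict[str, DriverRecord] = {}
    by_path: Dict[str, str] = {}  # lower-cased file path -> record name, to attach suspicious lines

    def rec(name: str) -> DriverRecord:
        return records.setdefault(name, DriverRecord(name=name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # banner and separator lines carry no per-object data
        msg = line.group(3)
        m = SUSPICIOUS_RE.match(msg)
        if m:
            # The suspicious line names only the path, so map it back to the entry that owns it.
            owner = by_path.get(m.group("path").lower())
            if owner is not None:
                rec(owner).suspicious = m.group("reason")
            continue
        m = DETECTED_RE.match(msg)
        if m:
            rec(m.group("name")).threat = m.group("threat")
            continue
        m = VERDICT_RE.match(msg)
        if m:
            r = rec(m.group("name"))
            r.verdict = m.group("verdict")
            if m.group("threat"):
                r.threat = m.group("threat")
            continue
        m = ENTRY_RE.match(msg)
        if m:
            r = rec(m.group("name"))
            r.md5, r.path = m.group("md5"), m.group("path")
            by_path[r.path.lower()] = r.name
    return records


def triage(records: Dict[str, DriverRecord]) -> List[DriverRecord]:
    """The entries a helper wants to see first: infected, detected or flagged suspicious."""
    return [r for r in records.values() if r.needs_attention()]


def summarize(records: Dict[str, DriverRecord]) -> dict:
    flagged = triage(records)
    return {
        "scanned": len(records),
        "ok": sum(1 for r in records.values() if r.verdict == "ok"),
        "flagged": len(flagged),
        "threats": sorted({r.threat for r in flagged if r.threat}),
    }


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    for r in triage(recs):
        print(f"{r.name}: verdict={r.verdict} threat={r.threat} suspicious={r.suspicious} path={r.path}")
    print(summarize(recs))
```

Feed the whole TDSSKiller log file to parse_tdsskiller_log to get the same triage over a real scan; an object with a verdict but no file entry (blbdrive in the sample) is kept so that it is not silently lost.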

Alt 24.02.2012, 10:30   #5
zion418
 
first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c



Hello Larusso!

Attached is the scan report.

Code:
11:25:59.0371 5720	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
11:25:59.0656 5720	============================================================
11:25:59.0656 5720	Current date / time: 2012/02/24 11:25:59.0656
11:25:59.0656 5720	SystemInfo:
11:25:59.0656 5720	
11:25:59.0656 5720	OS Version: 6.0.6001 ServicePack: 1.0
11:25:59.0656 5720	Product type: Workstation
11:25:59.0656 5720	ComputerName: ZENTRUM
11:25:59.0657 5720	UserName: home
11:25:59.0657 5720	Windows directory: C:\Windows
11:25:59.0657 5720	System windows directory: C:\Windows
11:25:59.0657 5720	Processor architecture: Intel x86
11:25:59.0657 5720	Number of processors: 2
11:25:59.0657 5720	Page size: 0x1000
11:25:59.0657 5720	Boot type: Normal boot
11:25:59.0657 5720	============================================================
11:26:00.0577 5720	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:26:00.0578 5720	\Device\Harddisk0\DR0:
11:26:00.0579 5720	MBR used
11:26:00.0579 5720	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
11:26:00.0592 5720	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x149076A5
11:26:00.0653 5720	Initialize success
11:26:00.0653 5720	============================================================
11:26:03.0324 4616	============================================================
11:26:03.0324 4616	Scan started
11:26:03.0324 4616	Mode: Manual; 
11:26:03.0324 4616	============================================================
11:26:05.0640 4616	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
11:26:05.0643 4616	ACPI - ok
11:26:05.0751 4616	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
11:26:05.0754 4616	adp94xx - ok
11:26:05.0778 4616	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
11:26:05.0781 4616	adpahci - ok
11:26:05.0795 4616	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
11:26:05.0797 4616	adpu160m - ok
11:26:05.0814 4616	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
11:26:05.0816 4616	adpu320 - ok
11:26:05.0881 4616	AFD             (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
11:26:05.0884 4616	AFD - ok
11:26:05.0929 4616	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
11:26:05.0930 4616	agp440 - ok
11:26:05.0942 4616	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:26:05.0944 4616	aic78xx - ok
11:26:05.0961 4616	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
11:26:05.0961 4616	aliide - ok
11:26:05.0976 4616	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
11:26:05.0978 4616	amdagp - ok
11:26:05.0989 4616	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
11:26:05.0990 4616	amdide - ok
11:26:06.0010 4616	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
11:26:06.0011 4616	AmdK7 - ok
11:26:06.0032 4616	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
11:26:06.0033 4616	AmdK8 - ok
11:26:06.0074 4616	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
11:26:06.0075 4616	arc - ok
11:26:06.0089 4616	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
11:26:06.0100 4616	arcsas - ok
11:26:06.0151 4616	AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
11:26:06.0159 4616	AsIO - ok
11:26:06.0212 4616	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:26:06.0214 4616	AsyncMac - ok
11:26:06.0253 4616	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
11:26:06.0253 4616	atapi - ok
11:26:06.0294 4616	AtcL001         (55907c61656449ca8534c323d6eabc89) C:\Windows\system32\DRIVERS\l160x86.sys
11:26:06.0296 4616	AtcL001 - ok
11:26:06.0389 4616	athrusb         (465293fd9f2e31a18c5b64a7a578d601) C:\Windows\system32\DRIVERS\athrusb.sys
11:26:06.0395 4616	athrusb - ok
11:26:06.0505 4616	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:26:06.0506 4616	Beep - ok
11:26:06.0530 4616	blbdrive - ok
11:26:06.0586 4616	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
11:26:06.0588 4616	bowser - ok
11:26:06.0641 4616	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:26:06.0642 4616	BrFiltLo - ok
11:26:06.0672 4616	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:26:06.0673 4616	BrFiltUp - ok
11:26:06.0718 4616	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:26:06.0720 4616	Brserid - ok
11:26:06.0733 4616	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:26:06.0734 4616	BrSerWdm - ok
11:26:06.0744 4616	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:26:06.0745 4616	BrUsbMdm - ok
11:26:06.0754 4616	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:26:06.0756 4616	BrUsbSer - ok
11:26:06.0802 4616	BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
11:26:06.0803 4616	BthEnum - ok
11:26:06.0818 4616	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:26:06.0819 4616	BTHMODEM - ok
11:26:06.0846 4616	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
11:26:06.0847 4616	BthPan - ok
11:26:06.0880 4616	BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
11:26:06.0882 4616	BTHPORT - ok
11:26:06.0899 4616	BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
11:26:06.0901 4616	BTHUSB - ok
11:26:06.0927 4616	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:26:06.0929 4616	cdfs - ok
11:26:07.0014 4616	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
11:26:07.0016 4616	cdrom - ok
11:26:07.0055 4616	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
11:26:07.0056 4616	circlass - ok
11:26:07.0088 4616	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
11:26:07.0091 4616	CLFS - ok
11:26:07.0128 4616	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
11:26:07.0129 4616	cmdide - ok
11:26:07.0137 4616	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
11:26:07.0138 4616	Compbatt - ok
11:26:07.0149 4616	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
11:26:07.0152 4616	crcdisk - ok
11:26:07.0166 4616	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
11:26:07.0167 4616	Crusoe - ok
11:26:07.0219 4616	DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
11:26:07.0220 4616	DfsC - ok
11:26:07.0287 4616	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
11:26:07.0288 4616	disk - ok
11:26:07.0354 4616	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:26:07.0356 4616	drmkaud - ok
11:26:07.0416 4616	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:26:07.0421 4616	dtsoftbus01 - ok
11:26:07.0479 4616	DXGKrnl         (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
11:26:07.0485 4616	DXGKrnl - ok
11:26:07.0562 4616	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:26:07.0564 4616	E1G60 - ok
11:26:07.0614 4616	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
11:26:07.0616 4616	Ecache - ok
11:26:07.0662 4616	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
11:26:07.0665 4616	elxstor - ok
11:26:07.0731 4616	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
11:26:07.0733 4616	exfat - ok
11:26:07.0751 4616	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
11:26:07.0753 4616	fastfat - ok
11:26:07.0806 4616	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:26:07.0807 4616	fdc - ok
11:26:07.0836 4616	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:26:07.0838 4616	FileInfo - ok
11:26:07.0863 4616	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:26:07.0865 4616	Filetrace - ok
11:26:07.0879 4616	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:07.0880 4616	flpydisk - ok
11:26:07.0889 4616	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
11:26:07.0892 4616	FltMgr - ok
11:26:07.0918 4616	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:26:07.0919 4616	Fs_Rec - ok
11:26:07.0941 4616	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
11:26:07.0942 4616	gagp30kx - ok
11:26:07.0959 4616	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:26:07.0961 4616	GEARAspiWDM - ok
11:26:08.0031 4616	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:26:08.0086 4616	HdAudAddService - ok
11:26:08.0276 4616	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:26:08.0277 4616	HDAudBus - ok
11:26:08.0312 4616	HidBth          (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
11:26:08.0314 4616	HidBth - ok
11:26:08.0336 4616	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:26:08.0337 4616	HidIr - ok
11:26:08.0388 4616	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
11:26:08.0389 4616	HidUsb - ok
11:26:08.0445 4616	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
11:26:08.0446 4616	HpCISSs - ok
11:26:08.0480 4616	HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
11:26:08.0486 4616	HTTP - ok
11:26:08.0500 4616	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
11:26:08.0501 4616	i2omp - ok
11:26:08.0551 4616	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:26:08.0552 4616	i8042prt - ok
11:26:08.0570 4616	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
11:26:08.0572 4616	iaStorV - ok
11:26:08.0591 4616	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:26:08.0592 4616	iirsp - ok
11:26:08.0643 4616	InCDfs          (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
11:26:08.0645 4616	InCDfs - ok
11:26:08.0665 4616	InCDPass        (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
11:26:08.0666 4616	InCDPass - ok
11:26:08.0677 4616	InCDrec         (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
11:26:08.0683 4616	InCDrec - ok
11:26:08.0690 4616	incdrm          (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
11:26:08.0691 4616	incdrm - ok
11:26:08.0842 4616	IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
11:26:08.0877 4616	IntcAzAudAddService - ok
11:26:09.0002 4616	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
11:26:09.0003 4616	intelide - ok
11:26:09.0036 4616	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
11:26:09.0037 4616	intelppm - ok
11:26:09.0068 4616	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:09.0069 4616	IpFilterDriver - ok
11:26:09.0103 4616	IpInIp - ok
11:26:09.0125 4616	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
11:26:09.0126 4616	IPMIDRV - ok
11:26:09.0144 4616	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:26:09.0146 4616	IPNAT - ok
11:26:09.0189 4616	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:26:09.0190 4616	IRENUM - ok
11:26:09.0209 4616	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
11:26:09.0210 4616	isapnp - ok
11:26:09.0265 4616	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
11:26:09.0268 4616	iScsiPrt - ok
11:26:09.0282 4616	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:26:09.0283 4616	iteatapi - ok
11:26:09.0318 4616	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:26:09.0319 4616	iteraid - ok
11:26:09.0352 4616	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:26:09.0353 4616	kbdclass - ok
11:26:09.0363 4616	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
11:26:09.0364 4616	kbdhid - ok
11:26:09.0425 4616	KL1             (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
11:26:09.0428 4616	KL1 - ok
11:26:09.0440 4616	kl2             (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
11:26:09.0441 4616	kl2 - ok
11:26:09.0527 4616	KLIF            (e00ea9dbb1df13f8a39700cc723eeb63) C:\Windows\system32\DRIVERS\klif.sys
11:26:09.0527 4616	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\klif.sys. md5: e00ea9dbb1df13f8a39700cc723eeb63
11:26:09.0529 4616	KLIF ( Virus.Win32.ZAccess.c ) - infected
11:26:09.0529 4616	KLIF - detected Virus.Win32.ZAccess.c (0)
11:26:09.0573 4616	KLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
11:26:09.0574 4616	KLIM6 - ok
11:26:09.0610 4616	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
11:26:09.0611 4616	klmouflt - ok
11:26:09.0659 4616	KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
11:26:09.0662 4616	KSecDD - ok
11:26:09.0689 4616	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:26:09.0690 4616	lltdio - ok
11:26:09.0724 4616	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
11:26:09.0726 4616	LSI_FC - ok
11:26:09.0745 4616	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
11:26:09.0746 4616	LSI_SAS - ok
11:26:09.0765 4616	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
11:26:09.0767 4616	LSI_SCSI - ok
11:26:09.0795 4616	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:26:09.0796 4616	luafv - ok
11:26:09.0823 4616	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
11:26:09.0832 4616	MBAMProtector - ok
11:26:09.0930 4616	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
11:26:09.0931 4616	megasas - ok
11:26:10.0023 4616	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:26:10.0025 4616	Modem - ok
11:26:10.0092 4616	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:26:10.0093 4616	monitor - ok
11:26:10.0142 4616	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:26:10.0143 4616	mouclass - ok
11:26:10.0155 4616	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:26:10.0156 4616	mouhid - ok
11:26:10.0207 4616	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:26:10.0209 4616	MountMgr - ok
11:26:10.0257 4616	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
11:26:10.0259 4616	mpio - ok
11:26:10.0281 4616	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:26:10.0282 4616	mpsdrv - ok
11:26:10.0306 4616	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:26:10.0307 4616	Mraid35x - ok
11:26:10.0352 4616	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
11:26:10.0354 4616	MRxDAV - ok
11:26:10.0369 4616	mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:10.0371 4616	mrxsmb - ok
11:26:10.0392 4616	mrxsmb10        (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:10.0395 4616	mrxsmb10 - ok
11:26:10.0403 4616	mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:10.0406 4616	mrxsmb20 - ok
11:26:10.0422 4616	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
11:26:10.0423 4616	msahci - ok
11:26:10.0444 4616	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
11:26:10.0445 4616	msdsm - ok
11:26:10.0473 4616	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:26:10.0474 4616	Msfs - ok
11:26:10.0510 4616	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:26:10.0511 4616	msisadrv - ok
11:26:10.0561 4616	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:26:10.0562 4616	MSKSSRV - ok
11:26:10.0613 4616	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:10.0614 4616	MSPCLOCK - ok
11:26:10.0626 4616	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:26:10.0627 4616	MSPQM - ok
11:26:10.0662 4616	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
11:26:10.0665 4616	MsRPC - ok
11:26:10.0683 4616	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:26:10.0684 4616	mssmbios - ok
11:26:10.0721 4616	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:26:10.0722 4616	MSTEE - ok
11:26:10.0753 4616	MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
11:26:10.0771 4616	MTsensor - ok
11:26:10.0802 4616	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
11:26:10.0803 4616	Mup - ok
11:26:10.0840 4616	NativeWifiP     (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
11:26:10.0848 4616	NativeWifiP - ok
11:26:10.0875 4616	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
11:26:10.0882 4616	NDIS - ok
11:26:10.0917 4616	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:10.0918 4616	NdisTapi - ok
11:26:10.0929 4616	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:10.0930 4616	Ndisuio - ok
11:26:10.0941 4616	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:10.0944 4616	NdisWan - ok
11:26:10.0972 4616	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:26:10.0974 4616	NDProxy - ok
11:26:11.0018 4616	Netaapl         (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
11:26:11.0027 4616	Netaapl - ok
11:26:11.0041 4616	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:26:11.0042 4616	NetBIOS - ok
11:26:11.0058 4616	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
11:26:11.0062 4616	netbt - ok
11:26:11.0123 4616	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:26:11.0124 4616	nfrd960 - ok
11:26:11.0148 4616	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:26:11.0150 4616	Npfs - ok
11:26:11.0174 4616	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:26:11.0175 4616	nsiproxy - ok
11:26:11.0249 4616	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:26:11.0265 4616	Ntfs - ok
11:26:11.0295 4616	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:26:11.0296 4616	ntrigdigi - ok
11:26:11.0307 4616	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:26:11.0308 4616	Null - ok
11:26:11.0589 4616	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:26:11.0885 4616	nvlddmkm - ok
11:26:11.0996 4616	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
11:26:11.0997 4616	nvraid - ok
11:26:12.0014 4616	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
11:26:12.0015 4616	nvstor - ok
11:26:12.0047 4616	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
11:26:12.0049 4616	nv_agp - ok
11:26:12.0055 4616	NwlnkFlt - ok
11:26:12.0064 4616	NwlnkFwd - ok
11:26:12.0118 4616	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
11:26:12.0119 4616	ohci1394 - ok
11:26:12.0170 4616	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:26:12.0171 4616	Parport - ok
11:26:12.0197 4616	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:26:12.0198 4616	partmgr - ok
11:26:12.0216 4616	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:26:12.0217 4616	Parvdm - ok
11:26:12.0290 4616	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
11:26:12.0292 4616	pci - ok
11:26:12.0329 4616	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:26:12.0331 4616	pciide - ok
11:26:12.0363 4616	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:26:12.0366 4616	pcmcia - ok
11:26:12.0407 4616	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:26:12.0419 4616	PEAUTH - ok
11:26:12.0498 4616	Point32         (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
11:26:12.0499 4616	Point32 - ok
11:26:12.0545 4616	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:12.0546 4616	PptpMiniport - ok
11:26:12.0579 4616	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
11:26:12.0580 4616	Processor - ok
11:26:12.0607 4616	PSched          (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
11:26:12.0608 4616	PSched - ok
11:26:12.0672 4616	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
11:26:12.0683 4616	ql2300 - ok
11:26:12.0704 4616	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:26:12.0706 4616	ql40xx - ok
11:26:12.0733 4616	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:26:12.0734 4616	QWAVEdrv - ok
11:26:12.0752 4616	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:12.0754 4616	RasAcd - ok
11:26:12.0785 4616	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:12.0786 4616	Rasl2tp - ok
11:26:12.0808 4616	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:12.0810 4616	RasPppoe - ok
11:26:12.0841 4616	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:12.0843 4616	RasSstp - ok
11:26:12.0859 4616	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:12.0861 4616	rdbss - ok
11:26:12.0869 4616	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:12.0870 4616	RDPCDD - ok
11:26:12.0892 4616	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
11:26:12.0896 4616	rdpdr - ok
11:26:12.0904 4616	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:26:12.0906 4616	RDPENCDD - ok
11:26:12.0930 4616	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:26:12.0950 4616	RDPWD - ok
11:26:12.0995 4616	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
11:26:12.0996 4616	RFCOMM - ok
11:26:13.0049 4616	RsFx0150        (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
11:26:13.0064 4616	RsFx0150 - ok
11:26:13.0081 4616	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:13.0083 4616	rspndr - ok
11:26:13.0108 4616	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:26:13.0110 4616	sbp2port - ok
11:26:13.0134 4616	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:26:13.0136 4616	secdrv - ok
11:26:13.0176 4616	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
11:26:13.0177 4616	Serenum - ok
11:26:13.0212 4616	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
11:26:13.0214 4616	Serial - ok
11:26:13.0266 4616	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:26:13.0267 4616	sermouse - ok
11:26:13.0342 4616	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
11:26:13.0343 4616	sffdisk - ok
11:26:13.0374 4616	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:13.0375 4616	sffp_mmc - ok
11:26:13.0414 4616	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
11:26:13.0416 4616	sffp_sd - ok
11:26:13.0443 4616	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:26:13.0444 4616	sfloppy - ok
11:26:13.0466 4616	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
11:26:13.0468 4616	sisagp - ok
11:26:13.0497 4616	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
11:26:13.0498 4616	SiSRaid2 - ok
11:26:13.0525 4616	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
11:26:13.0527 4616	SiSRaid4 - ok
11:26:13.0566 4616	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:26:13.0568 4616	Smb - ok
11:26:13.0621 4616	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:26:13.0622 4616	spldr - ok
11:26:13.0700 4616	srv             (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
11:26:13.0719 4616	srv - ok
11:26:13.0750 4616	srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
11:26:13.0765 4616	srv2 - ok
11:26:13.0784 4616	srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
11:26:13.0786 4616	srvnet - ok
11:26:13.0839 4616	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:26:13.0841 4616	swenum - ok
11:26:13.0904 4616	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:26:13.0905 4616	Symc8xx - ok
11:26:13.0927 4616	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:26:13.0928 4616	Sym_hi - ok
11:26:13.0955 4616	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:26:13.0956 4616	Sym_u3 - ok
11:26:14.0001 4616	Tcpip           (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
11:26:14.0018 4616	Tcpip - ok
11:26:14.0047 4616	Tcpip6          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
11:26:14.0053 4616	Tcpip6 - ok
11:26:14.0073 4616	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:26:14.0074 4616	tcpipreg - ok
11:26:14.0093 4616	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:26:14.0094 4616	TDPIPE - ok
11:26:14.0109 4616	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:26:14.0110 4616	TDTCP - ok
11:26:14.0129 4616	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
11:26:14.0143 4616	tdx - ok
11:26:14.0214 4616	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
11:26:14.0215 4616	TermDD - ok
11:26:14.0259 4616	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:14.0260 4616	tssecsrv - ok
11:26:14.0277 4616	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:26:14.0279 4616	tunmp - ok
11:26:14.0287 4616	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:14.0289 4616	tunnel - ok
11:26:14.0310 4616	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
11:26:14.0311 4616	uagp35 - ok
11:26:14.0335 4616	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
11:26:14.0338 4616	udfs - ok
11:26:14.0380 4616	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
11:26:14.0381 4616	uliagpkx - ok
11:26:14.0401 4616	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
11:26:14.0405 4616	uliahci - ok
11:26:14.0432 4616	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:26:14.0435 4616	UlSata - ok
11:26:14.0474 4616	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:26:14.0488 4616	ulsata2 - ok
11:26:14.0525 4616	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:26:14.0526 4616	umbus - ok
11:26:14.0563 4616	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:26:14.0564 4616	USBAAPL - ok
11:26:14.0611 4616	usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
11:26:14.0613 4616	usbaudio - ok
11:26:14.0667 4616	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:14.0669 4616	usbccgp - ok
11:26:14.0697 4616	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:26:14.0699 4616	usbcir - ok
11:26:14.0736 4616	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
11:26:14.0737 4616	usbehci - ok
11:26:14.0767 4616	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
11:26:14.0771 4616	usbhub - ok
11:26:14.0859 4616	USBMULCD        (5f34a6ca03501bf0510bc50238176864) C:\Windows\system32\drivers\CM106.sys
11:26:14.0867 4616	USBMULCD - ok
11:26:14.0892 4616	usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
11:26:14.0893 4616	usbohci - ok
11:26:14.0939 4616	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:26:14.0940 4616	usbprint - ok
11:26:14.0969 4616	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:14.0970 4616	USBSTOR - ok
11:26:15.0008 4616	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
11:26:15.0010 4616	usbuhci - ok
11:26:15.0047 4616	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:15.0048 4616	vga - ok
11:26:15.0091 4616	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:26:15.0092 4616	VgaSave - ok
11:26:15.0121 4616	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
11:26:15.0122 4616	viaagp - ok
11:26:15.0142 4616	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
11:26:15.0143 4616	ViaC7 - ok
11:26:15.0160 4616	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
11:26:15.0161 4616	viaide - ok
11:26:15.0193 4616	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:26:15.0195 4616	volmgr - ok
11:26:15.0241 4616	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:26:15.0246 4616	volmgrx - ok
11:26:15.0284 4616	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:26:15.0288 4616	volsnap - ok
11:26:15.0307 4616	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
11:26:15.0309 4616	vsmraid - ok
11:26:15.0335 4616	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:26:15.0336 4616	WacomPen - ok
11:26:15.0370 4616	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:15.0372 4616	Wanarp - ok
11:26:15.0387 4616	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:15.0388 4616	Wanarpv6 - ok
11:26:15.0426 4616	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
11:26:15.0427 4616	Wd - ok
11:26:15.0477 4616	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:26:15.0484 4616	Wdf01000 - ok
11:26:15.0541 4616	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
11:26:15.0542 4616	WmiAcpi - ok
11:26:15.0584 4616	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:26:15.0585 4616	WpdUsb - ok
11:26:15.0612 4616	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:26:15.0613 4616	ws2ifsl - ok
11:26:15.0642 4616	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:26:15.0644 4616	WUDFRd - ok
11:26:15.0672 4616	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:26:15.0695 4616	\Device\Harddisk0\DR0 - ok
11:26:15.0698 4616	Boot (0x1200)   (bb5540f6d8f8efcd862ae19869997e6a) \Device\Harddisk0\DR0\Partition0
11:26:15.0699 4616	\Device\Harddisk0\DR0\Partition0 - ok
11:26:15.0737 4616	Boot (0x1200)   (b5da5e382cddf6b7f6348674d5b68c34) \Device\Harddisk0\DR0\Partition1
11:26:15.0748 4616	\Device\Harddisk0\DR0\Partition1 - ok
11:26:15.0748 4616	============================================================
11:26:15.0748 4616	Scan finished
11:26:15.0748 4616	============================================================
11:26:15.0780 4244	Detected object count: 1
11:26:15.0780 4244	Actual detected object count: 1
11:26:22.0762 4244	KLIF ( Virus.Win32.ZAccess.c ) - skipped by user
11:26:22.0762 4244	KLIF ( Virus.Win32.ZAccess.c ) - User select action: Skip 
11:26:44.0790 5660	Deinitialize success
         


Alt 24.02.2012, 15:44   #6
Larusso
/// Selecta Jahrusso
 

Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Start Scan.
    Do not use the computer while the scan is running
  • Make sure that Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\)
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.



Please post in your next reply
TDSSKiller log
Combofix.txt
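The TDSSKiller log posted above ends with the KLIF detection marked "skipped by user", which is exactly the case the instructions warn about (Cure must stay checked). The following triage script is an added example, not part of the thread and not a Kaspersky tool: it parses TDSSKiller's log layout as it appears in this thread and flags detections that were never cured. The embedded sample is a constructed excerpt mirroring the thread's KLIF lines, and the script filename in the usage comment is hypothetical.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the TDSSKiller log layout used in this thread
# ("HH:MM:SS.mmmm PID  message"); the KLIF lines mirror the thread's own log.
SAMPLE_LOG = r"""
11:26:09.0440 4616  kl2             (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
11:26:09.0441 4616  kl2 - ok
11:26:09.0527 4616  KLIF            (e00ea9dbb1df13f8a39700cc723eeb63) C:\Windows\system32\DRIVERS\klif.sys
11:26:09.0527 4616  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\klif.sys. md5: e00ea9dbb1df13f8a39700cc723eeb63
11:26:09.0529 4616  KLIF ( Virus.Win32.ZAccess.c ) - infected
11:26:09.0529 4616  KLIF - detected Virus.Win32.ZAccess.c (0)
11:26:09.0573 4616  KLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
11:26:09.0574 4616  KLIM6 - ok
11:26:15.0672 4616  MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:26:15.0695 4616  \Device\Harddisk0\DR0 - ok
11:26:15.0748 4616  Scan finished
11:26:15.0780 4244  Detected object count: 1
11:26:15.0780 4244  Actual detected object count: 1
11:26:22.0762 4244  KLIF ( Virus.Win32.ZAccess.c ) - skipped by user
11:26:22.0762 4244  KLIF ( Virus.Win32.ZAccess.c ) - User select action: Skip
11:26:44.0790 5660  Deinitialize success
"""

# Every record is "timestamp pid<whitespace>message" (the real tool uses a tab).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)\s+(.*)$")
# Scanned object: "name  (md5) path"; MBR/boot records carry an offset such as "(0x1B8)".
ENTRY_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict lines: "name - ok", "name ( Threat ) - infected",
# "name - detected Threat (0)", "name ( Threat ) - User select action: Skip".
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$")
SUSP_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    threat: str
    path: Optional[str] = None
    md5: Optional[str] = None
    reason: Optional[str] = None   # e.g. "NoAccess" from a "Suspicious file" line
    action: Optional[str] = None   # user-selected action: "Skip", "Cure", "Delete", ...


@dataclass
class Triage:
    scanned: int = 0
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None
    actual_count: Optional[int] = None

    def unresolved(self) -> List[Finding]:
        """Detections the user skipped or never acted on: the infection is still there."""
        return [f for f in self.findings.values()
                if f.action is None or f.action.lower() not in ("cure", "delete")]


def triage(log_text: str) -> Triage:
    t = Triage()
    entries: Dict[str, Dict[str, str]] = {}   # object name or path -> md5/path of its scan line
    suspicious: Dict[str, str] = {}           # md5 -> reason from "Suspicious file" lines
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group(3)
        if (e := ENTRY_RE.match(msg)):
            t.scanned += 1
            # Boot records are reported under their device path later, so index both keys.
            entries[e["name"]] = entries[e["path"]] = {"md5": e["md5"], "path": e["path"]}
        elif (s := SUSP_RE.match(msg)):
            suspicious[s["md5"]] = s["reason"]
        elif (c := COUNT_RE.match(msg)):
            if c["actual"]:
                t.actual_count = int(c["n"])
            else:
                t.reported_count = int(c["n"])
        elif (v := VERDICT_RE.match(msg)):
            name, threat, verdict = v["name"], v["threat"], v["verdict"]
            if verdict.startswith("detected "):
                threat = verdict[len("detected "):].split(" (")[0]
            if verdict == "ok" or threat is None:
                continue  # clean object, or an unrelated "x - y" line such as the drive header
            f = t.findings.get(name)
            if f is None:
                ent = entries.get(name, {})
                f = Finding(name, threat, ent.get("path"), ent.get("md5"),
                            suspicious.get(ent.get("md5", "")))
                t.findings[name] = f
            if verdict.startswith("User select action: "):
                f.action = verdict[len("User select action: "):].strip()
    return t


def summarize(t: Triage) -> List[str]:
    """Human-readable verdict, the way a helper would read the log back to the poster."""
    out = [f"objects scanned: {t.scanned}",
           f"detections reported: {t.reported_count} (actual: {t.actual_count})"]
    for f in t.findings.values():
        out.append(f"  {f.name}: {f.threat} path={f.path} md5={f.md5} "
                   f"suspicious={f.reason} action={f.action}")
    pending = t.unresolved()
    if pending:
        out.append("NOT CURED: " + ", ".join(f.name for f in pending)
                   + " (rerun with Cure selected, then reboot and rescan)")
    else:
        out.append("all detections cured/deleted; reboot and rescan to confirm")
    return out


if __name__ == "__main__":
    # Usage (hypothetical filename): python tdss_triage.py C:\TDSSKiller.<version_date_time>log.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print("\n".join(summarize(triage(text))))
```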

Alt 24.02.2012, 17:50   #7
zion418
 

Hello Larusso!

I've managed it now, but only just barely.
There were a few problems.

1) My PC crashed several times in the meantime (there wasn't even a blue screen to be seen)

2) When I scanned with TDSSKiller, my taskbar automatically changed its theme to Classic (but only the taskbar including the Start menu).

3) After running TDSSKiller, I no longer get an internet connection via my network card (it no longer gets past network identification). However, I can connect normally with my laptop. I've already tried reinstalling the network card driver; no success...

Attached are the logs

TDSSKiller
Code:
ATTFilter
17:16:54.0380 3876	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
17:16:55.0909 3876	============================================================
17:16:55.0909 3876	Current date / time: 2012/02/24 17:16:55.0909
17:16:55.0909 3876	SystemInfo:
17:16:55.0909 3876	
17:16:55.0925 3876	OS Version: 6.0.6001 ServicePack: 1.0
17:16:55.0925 3876	Product type: Workstation
17:16:55.0925 3876	ComputerName: ZENTRUM
17:16:55.0925 3876	UserName: home
17:16:55.0925 3876	Windows directory: C:\Windows
17:16:55.0925 3876	System windows directory: C:\Windows
17:16:55.0925 3876	Processor architecture: Intel x86
17:16:55.0925 3876	Number of processors: 2
17:16:55.0925 3876	Page size: 0x1000
17:16:55.0925 3876	Boot type: Normal boot
17:16:55.0925 3876	============================================================
17:16:59.0935 3876	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:59.0950 3876	\Device\Harddisk0\DR0:
17:16:59.0982 3876	MBR used
17:16:59.0982 3876	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
17:16:59.0982 3876	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x149076A5
17:17:00.0138 3876	Initialize success
17:17:00.0138 3876	============================================================
17:17:01.0479 3904	============================================================
17:17:01.0479 3904	Scan started
17:17:01.0479 3904	Mode: Manual; 
17:17:01.0479 3904	============================================================
17:17:03.0320 3904	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:17:03.0320 3904	ACPI - ok
17:17:03.0523 3904	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:17:03.0538 3904	adp94xx - ok
17:17:03.0726 3904	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:17:03.0726 3904	adpahci - ok
17:17:04.0038 3904	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:17:04.0038 3904	adpu160m - ok
17:17:04.0069 3904	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:17:04.0069 3904	adpu320 - ok
17:17:04.0178 3904	AFD             (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
17:17:04.0178 3904	AFD - ok
17:17:04.0225 3904	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:17:04.0225 3904	agp440 - ok
17:17:04.0256 3904	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:17:04.0256 3904	aic78xx - ok
17:17:04.0272 3904	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:17:04.0272 3904	aliide - ok
17:17:04.0303 3904	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:17:04.0303 3904	amdagp - ok
17:17:04.0303 3904	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:17:04.0318 3904	amdide - ok
17:17:04.0334 3904	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:17:04.0334 3904	AmdK7 - ok
17:17:04.0365 3904	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:17:04.0381 3904	AmdK8 - ok
17:17:04.0490 3904	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:17:04.0490 3904	arc - ok
17:17:04.0537 3904	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:17:04.0537 3904	arcsas - ok
17:17:04.0615 3904	AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
17:17:04.0615 3904	AsIO - ok
17:17:04.0646 3904	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:04.0646 3904	AsyncMac - ok
17:17:04.0677 3904	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:17:04.0677 3904	atapi - ok
17:17:04.0771 3904	AtcL001         (55907c61656449ca8534c323d6eabc89) C:\Windows\system32\DRIVERS\l160x86.sys
17:17:04.0771 3904	AtcL001 - ok
17:17:04.0864 3904	athrusb         (465293fd9f2e31a18c5b64a7a578d601) C:\Windows\system32\DRIVERS\athrusb.sys
17:17:04.0911 3904	athrusb - ok
17:17:04.0989 3904	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:17:05.0036 3904	Beep - ok
17:17:05.0052 3904	blbdrive - ok
17:17:05.0114 3904	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
17:17:05.0145 3904	bowser - ok
17:17:05.0192 3904	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:17:05.0208 3904	BrFiltLo - ok
17:17:05.0239 3904	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:17:05.0254 3904	BrFiltUp - ok
17:17:05.0301 3904	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:17:05.0332 3904	Brserid - ok
17:17:05.0364 3904	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:17:05.0379 3904	BrSerWdm - ok
17:17:05.0457 3904	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:17:05.0473 3904	BrUsbMdm - ok
17:17:05.0504 3904	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:17:05.0535 3904	BrUsbSer - ok
17:17:05.0582 3904	BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
17:17:05.0598 3904	BthEnum - ok
17:17:05.0629 3904	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:17:05.0644 3904	BTHMODEM - ok
17:17:05.0676 3904	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:17:05.0738 3904	BthPan - ok
17:17:05.0785 3904	BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
17:17:05.0816 3904	BTHPORT - ok
17:17:05.0847 3904	BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
17:17:05.0878 3904	BTHUSB - ok
17:17:06.0331 3904	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:17:06.0331 3904	cdfs - ok
17:17:06.0424 3904	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:17:06.0424 3904	cdrom - ok
17:17:06.0487 3904	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:17:06.0487 3904	circlass - ok
17:17:06.0549 3904	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:17:06.0549 3904	CLFS - ok
17:17:06.0627 3904	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:17:06.0627 3904	cmdide - ok
17:17:06.0643 3904	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:17:06.0643 3904	Compbatt - ok
17:17:06.0705 3904	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:17:06.0705 3904	crcdisk - ok
17:17:06.0721 3904	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:17:06.0721 3904	Crusoe - ok
17:17:06.0830 3904	DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
17:17:06.0830 3904	DfsC - ok
17:17:06.0924 3904	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:17:06.0924 3904	disk - ok
17:17:07.0080 3904	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:17:07.0095 3904	drmkaud - ok
17:17:07.0158 3904	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:17:07.0158 3904	dtsoftbus01 - ok
17:17:07.0220 3904	DXGKrnl         (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
17:17:07.0220 3904	DXGKrnl - ok
17:17:07.0282 3904	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:17:07.0282 3904	E1G60 - ok
17:17:07.0345 3904	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:17:07.0345 3904	Ecache - ok
17:17:07.0423 3904	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:17:07.0423 3904	elxstor - ok
17:17:07.0501 3904	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:17:07.0501 3904	exfat - ok
17:17:07.0548 3904	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:17:07.0548 3904	fastfat - ok
17:17:07.0610 3904	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:17:07.0641 3904	fdc - ok
17:17:07.0657 3904	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:17:07.0657 3904	FileInfo - ok
17:17:07.0704 3904	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:17:07.0704 3904	Filetrace - ok
17:17:07.0735 3904	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:17:07.0735 3904	flpydisk - ok
17:17:07.0766 3904	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:17:07.0766 3904	FltMgr - ok
17:17:07.0813 3904	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:17:07.0813 3904	Fs_Rec - ok
17:17:07.0844 3904	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:17:07.0844 3904	gagp30kx - ok
17:17:07.0875 3904	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:17:07.0891 3904	GEARAspiWDM - ok
17:17:07.0953 3904	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:17:07.0953 3904	HdAudAddService - ok
17:17:07.0984 3904	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:17:07.0984 3904	HDAudBus - ok
17:17:08.0031 3904	HidBth          (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
17:17:08.0031 3904	HidBth - ok
17:17:08.0078 3904	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:17:08.0078 3904	HidIr - ok
17:17:08.0109 3904	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:17:08.0109 3904	HidUsb - ok
17:17:08.0140 3904	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:17:08.0140 3904	HpCISSs - ok
17:17:08.0187 3904	HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
17:17:08.0187 3904	HTTP - ok
17:17:08.0218 3904	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:17:08.0218 3904	i2omp - ok
17:17:08.0328 3904	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:17:08.0328 3904	i8042prt - ok
17:17:08.0343 3904	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:17:08.0343 3904	iaStorV - ok
17:17:08.0359 3904	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:17:08.0359 3904	iirsp - ok
17:17:08.0406 3904	InCDfs          (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
17:17:08.0406 3904	InCDfs - ok
17:17:08.0421 3904	InCDPass        (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
17:17:08.0421 3904	InCDPass - ok
17:17:08.0437 3904	InCDrec         (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
17:17:08.0437 3904	InCDrec - ok
17:17:08.0437 3904	incdrm          (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
17:17:08.0437 3904	incdrm - ok
17:17:08.0577 3904	IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
17:17:08.0593 3904	IntcAzAudAddService - ok
17:17:08.0640 3904	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:17:08.0640 3904	intelide - ok
17:17:08.0655 3904	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:17:08.0655 3904	intelppm - ok
17:17:08.0686 3904	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:08.0702 3904	IpFilterDriver - ok
17:17:08.0702 3904	IpInIp - ok
17:17:08.0733 3904	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:17:08.0733 3904	IPMIDRV - ok
17:17:08.0796 3904	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:17:08.0811 3904	IPNAT - ok
17:17:08.0842 3904	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:17:08.0842 3904	IRENUM - ok
17:17:08.0874 3904	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:17:08.0874 3904	isapnp - ok
17:17:08.0905 3904	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:17:09.0544 3904	iScsiPrt - ok
17:17:09.0669 3904	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:17:09.0669 3904	iteatapi - ok
17:17:09.0669 3904	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:17:09.0669 3904	iteraid - ok
17:17:09.0700 3904	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:17:09.0700 3904	kbdclass - ok
17:17:09.0747 3904	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:17:09.0747 3904	kbdhid - ok
17:17:09.0810 3904	KL1             (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
17:17:09.0825 3904	KL1 - ok
17:17:09.0856 3904	kl2             (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
17:17:09.0856 3904	kl2 - ok
17:17:09.0888 3904	KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
17:17:09.0888 3904	KLIF - ok
17:17:09.0919 3904	KLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
17:17:09.0919 3904	KLIM6 - ok
17:17:09.0934 3904	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
17:17:09.0934 3904	klmouflt - ok
17:17:10.0012 3904	KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
17:17:10.0012 3904	KSecDD - ok
17:17:10.0075 3904	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:17:10.0075 3904	lltdio - ok
17:17:10.0137 3904	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:17:10.0137 3904	LSI_FC - ok
17:17:10.0184 3904	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:17:10.0184 3904	LSI_SAS - ok
17:17:10.0231 3904	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:17:10.0231 3904	LSI_SCSI - ok
17:17:10.0293 3904	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:17:10.0293 3904	luafv - ok
17:17:10.0324 3904	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
17:17:10.0356 3904	MBAMProtector - ok
17:17:10.0387 3904	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:17:10.0387 3904	megasas - ok
17:17:10.0449 3904	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:17:10.0449 3904	Modem - ok
17:17:10.0480 3904	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:17:10.0480 3904	monitor - ok
17:17:10.0512 3904	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:17:10.0512 3904	mouclass - ok
17:17:10.0558 3904	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:17:10.0558 3904	mouhid - ok
17:17:10.0574 3904	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:17:10.0574 3904	MountMgr - ok
17:17:10.0621 3904	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:17:10.0621 3904	mpio - ok
17:17:10.0652 3904	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:17:10.0652 3904	mpsdrv - ok
17:17:10.0839 3904	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:17:10.0839 3904	Mraid35x - ok
17:17:10.0917 3904	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:17:10.0917 3904	MRxDAV - ok
17:17:11.0058 3904	mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:11.0058 3904	mrxsmb - ok
17:17:11.0198 3904	mrxsmb10        (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:11.0198 3904	mrxsmb10 - ok
17:17:11.0370 3904	mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:11.0370 3904	mrxsmb20 - ok
17:17:11.0401 3904	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:17:11.0401 3904	msahci - ok
17:17:11.0416 3904	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:17:11.0416 3904	msdsm - ok
17:17:11.0619 3904	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:17:11.0619 3904	Msfs - ok
17:17:11.0728 3904	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:17:11.0728 3904	msisadrv - ok
17:17:11.0760 3904	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:17:11.0760 3904	MSKSSRV - ok
17:17:11.0806 3904	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:11.0806 3904	MSPCLOCK - ok
17:17:11.0822 3904	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:17:11.0822 3904	MSPQM - ok
17:17:11.0853 3904	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:17:11.0853 3904	MsRPC - ok
17:17:11.0962 3904	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:17:11.0962 3904	mssmbios - ok
17:17:12.0040 3904	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:17:12.0040 3904	MSTEE - ok
17:17:12.0056 3904	MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
17:17:12.0056 3904	MTsensor - ok
17:17:12.0274 3904	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:17:12.0274 3904	Mup - ok
17:17:12.0430 3904	NativeWifiP     (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
17:17:12.0430 3904	NativeWifiP - ok
17:17:12.0696 3904	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:17:12.0696 3904	NDIS - ok
17:17:12.0930 3904	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:12.0930 3904	NdisTapi - ok
17:17:12.0945 3904	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:12.0945 3904	Ndisuio - ok
17:17:13.0164 3904	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:13.0164 3904	NdisWan - ok
17:17:13.0320 3904	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:17:13.0335 3904	NDProxy - ok
17:17:13.0398 3904	Netaapl         (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
17:17:13.0398 3904	Netaapl - ok
17:17:13.0444 3904	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:17:13.0444 3904	NetBIOS - ok
17:17:13.0460 3904	netbt           (be4a82e1ce1e15f88e09fe7619d110c4) C:\Windows\system32\DRIVERS\netbt.sys
17:17:13.0460 3904	Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: be4a82e1ce1e15f88e09fe7619d110c4, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02
17:17:13.0460 3904	netbt ( Virus.Win32.ZAccess.c ) - infected
17:17:13.0460 3904	netbt - detected Virus.Win32.ZAccess.c (0)
17:17:13.0694 3904	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:17:13.0710 3904	nfrd960 - ok
17:17:13.0897 3904	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:17:13.0897 3904	Npfs - ok
17:17:14.0131 3904	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:17:14.0131 3904	nsiproxy - ok
17:17:14.0427 3904	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:17:14.0443 3904	Ntfs - ok
17:17:14.0568 3904	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:17:14.0583 3904	ntrigdigi - ok
17:17:14.0614 3904	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:17:14.0614 3904	Null - ok
17:17:14.0895 3904	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:17:14.0958 3904	nvlddmkm - ok
17:17:15.0082 3904	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:17:15.0098 3904	nvraid - ok
17:17:15.0129 3904	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:17:15.0129 3904	nvstor - ok
17:17:15.0207 3904	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:17:15.0207 3904	nv_agp - ok
17:17:15.0254 3904	NwlnkFlt - ok
17:17:15.0348 3904	NwlnkFwd - ok
17:17:15.0613 3904	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:17:15.0613 3904	ohci1394 - ok
17:17:16.0081 3904	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:17:16.0081 3904	Parport - ok
17:17:16.0096 3904	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:17:16.0096 3904	partmgr - ok
17:17:16.0128 3904	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:17:16.0128 3904	Parvdm - ok
17:17:16.0143 3904	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:17:16.0143 3904	pci - ok
17:17:16.0190 3904	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:17:16.0190 3904	pciide - ok
17:17:16.0206 3904	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:17:16.0221 3904	pcmcia - ok
17:17:16.0268 3904	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:17:16.0284 3904	PEAUTH - ok
17:17:16.0362 3904	Point32         (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
17:17:16.0362 3904	Point32 - ok
17:17:16.0471 3904	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:17:16.0471 3904	PptpMiniport - ok
17:17:16.0502 3904	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:17:16.0518 3904	Processor - ok
17:17:16.0642 3904	PSched          (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
17:17:16.0642 3904	PSched - ok
17:17:16.0736 3904	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:17:16.0752 3904	ql2300 - ok
17:17:16.0767 3904	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:17:16.0783 3904	ql40xx - ok
17:17:16.0814 3904	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:17:16.0814 3904	QWAVEdrv - ok
17:17:16.0845 3904	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:17:16.0845 3904	RasAcd - ok
17:17:16.0876 3904	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:17:16.0876 3904	Rasl2tp - ok
17:17:16.0892 3904	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:17:16.0892 3904	RasPppoe - ok
17:17:16.0908 3904	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:17:16.0908 3904	RasSstp - ok
17:17:16.0923 3904	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:17:16.0939 3904	rdbss - ok
17:17:16.0939 3904	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:17:16.0939 3904	RDPCDD - ok
17:17:16.0986 3904	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:17:16.0986 3904	rdpdr - ok
17:17:17.0001 3904	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:17:17.0001 3904	RDPENCDD - ok
17:17:17.0032 3904	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:17:17.0032 3904	RDPWD - ok
17:17:17.0095 3904	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
17:17:17.0095 3904	RFCOMM - ok
17:17:17.0204 3904	RsFx0150        (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
17:17:17.0220 3904	RsFx0150 - ok
17:17:17.0298 3904	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:17:17.0298 3904	rspndr - ok
17:17:17.0360 3904	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:17:17.0360 3904	sbp2port - ok
17:17:17.0391 3904	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:17:17.0407 3904	secdrv - ok
17:17:17.0454 3904	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:17:17.0469 3904	Serenum - ok
17:17:17.0532 3904	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:17:17.0532 3904	Serial - ok
17:17:17.0578 3904	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:17:17.0594 3904	sermouse - ok
17:17:17.0672 3904	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:17:17.0703 3904	sffdisk - ok
17:17:17.0781 3904	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:17:17.0781 3904	sffp_mmc - ok
17:17:17.0828 3904	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:17:17.0828 3904	sffp_sd - ok
17:17:17.0859 3904	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:17:17.0859 3904	sfloppy - ok
17:17:17.0906 3904	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:17:17.0906 3904	sisagp - ok
17:17:17.0922 3904	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:17:17.0922 3904	SiSRaid2 - ok
17:17:17.0937 3904	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:17:17.0937 3904	SiSRaid4 - ok
17:17:18.0000 3904	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:17:18.0000 3904	Smb - ok
17:17:18.0093 3904	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:17:18.0093 3904	spldr - ok
17:17:18.0249 3904	srv             (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
17:17:18.0296 3904	srv - ok
17:17:18.0358 3904	srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
17:17:18.0390 3904	srv2 - ok
17:17:18.0468 3904	srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
17:17:18.0468 3904	srvnet - ok
17:17:18.0608 3904	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:17:18.0608 3904	swenum - ok
17:17:18.0717 3904	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:17:18.0733 3904	Symc8xx - ok
17:17:18.0764 3904	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:17:18.0780 3904	Sym_hi - ok
17:17:18.0826 3904	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:17:18.0826 3904	Sym_u3 - ok
17:17:18.0873 3904	Tcpip           (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
17:17:18.0904 3904	Tcpip - ok
17:17:18.0936 3904	Tcpip6          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
17:17:18.0936 3904	Tcpip6 - ok
17:17:18.0951 3904	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:17:18.0951 3904	tcpipreg - ok
17:17:18.0982 3904	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:17:18.0982 3904	TDPIPE - ok
17:17:18.0998 3904	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:17:18.0998 3904	TDTCP - ok
17:17:19.0014 3904	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:17:19.0029 3904	tdx - ok
17:17:19.0092 3904	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:17:19.0092 3904	TermDD - ok
17:17:19.0154 3904	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:17:19.0170 3904	tssecsrv - ok
17:17:19.0216 3904	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:17:19.0232 3904	tunmp - ok
17:17:19.0248 3904	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:17:19.0263 3904	tunnel - ok
17:17:19.0279 3904	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:17:19.0294 3904	uagp35 - ok
17:17:19.0326 3904	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:17:19.0341 3904	udfs - ok
17:17:19.0372 3904	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:17:19.0372 3904	uliagpkx - ok
17:17:19.0404 3904	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:17:19.0419 3904	uliahci - ok
17:17:19.0435 3904	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:17:19.0435 3904	UlSata - ok
17:17:19.0450 3904	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:17:19.0450 3904	ulsata2 - ok
17:17:19.0482 3904	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:17:19.0482 3904	umbus - ok
17:17:19.0528 3904	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:17:19.0528 3904	USBAAPL - ok
17:17:19.0591 3904	usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
17:17:19.0591 3904	usbaudio - ok
17:17:19.0622 3904	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:17:19.0622 3904	usbccgp - ok
17:17:19.0638 3904	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:17:19.0638 3904	usbcir - ok
17:17:19.0700 3904	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:17:19.0700 3904	usbehci - ok
17:17:19.0716 3904	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:17:19.0716 3904	usbhub - ok
17:17:19.0747 3904	USBMULCD        (5f34a6ca03501bf0510bc50238176864) C:\Windows\system32\drivers\CM106.sys
17:17:19.0762 3904	USBMULCD - ok
17:17:19.0794 3904	usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
17:17:19.0809 3904	usbohci - ok
17:17:19.0856 3904	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:17:19.0872 3904	usbprint - ok
17:17:19.0934 3904	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:17:19.0950 3904	USBSTOR - ok
17:17:20.0012 3904	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:17:20.0012 3904	usbuhci - ok
17:17:20.0059 3904	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:17:20.0059 3904	vga - ok
17:17:20.0121 3904	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:17:20.0121 3904	VgaSave - ok
17:17:20.0152 3904	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:17:20.0152 3904	viaagp - ok
17:17:20.0168 3904	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:17:20.0184 3904	ViaC7 - ok
17:17:20.0199 3904	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:17:20.0199 3904	viaide - ok
17:17:20.0230 3904	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:17:20.0230 3904	volmgr - ok
17:17:20.0277 3904	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:17:20.0293 3904	volmgrx - ok
17:17:20.0308 3904	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:17:20.0324 3904	volsnap - ok
17:17:20.0355 3904	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:17:20.0355 3904	vsmraid - ok
17:17:20.0433 3904	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:17:20.0433 3904	WacomPen - ok
17:17:20.0480 3904	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:20.0496 3904	Wanarp - ok
17:17:20.0542 3904	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:20.0542 3904	Wanarpv6 - ok
17:17:20.0589 3904	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:17:20.0620 3904	Wd - ok
17:17:20.0792 3904	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:17:20.0808 3904	Wdf01000 - ok
17:17:21.0166 3904	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:17:21.0182 3904	WmiAcpi - ok
17:17:21.0432 3904	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:17:21.0447 3904	WpdUsb - ok
17:17:21.0556 3904	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:17:21.0556 3904	ws2ifsl - ok
17:17:21.0603 3904	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:17:21.0603 3904	WUDFRd - ok
17:17:21.0650 3904	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:17:21.0681 3904	\Device\Harddisk0\DR0 - ok
17:17:21.0681 3904	Boot (0x1200)   (bb5540f6d8f8efcd862ae19869997e6a) \Device\Harddisk0\DR0\Partition0
17:17:21.0681 3904	\Device\Harddisk0\DR0\Partition0 - ok
17:17:21.0712 3904	Boot (0x1200)   (b5da5e382cddf6b7f6348674d5b68c34) \Device\Harddisk0\DR0\Partition1
17:17:21.0728 3904	\Device\Harddisk0\DR0\Partition1 - ok
17:17:21.0728 3904	============================================================
17:17:21.0728 3904	Scan finished
17:17:21.0728 3904	============================================================
17:17:21.0744 2948	Detected object count: 1
17:17:21.0744 2948	Actual detected object count: 1
17:17:24.0052 2948	C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
17:17:25.0316 2948	Backup copy found, using it..
17:17:25.0425 2948	C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
17:17:34.0321 2948	netbt ( Virus.Win32.ZAccess.c ) - User select action: Cure 
17:17:36.0761 2256	Deinitialize success
         

ComboFix
Combofix Logfile:
Code:
ComboFix 12-02-24.02 - home 24.02.2012  17:38:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.3071.1901 [GMT 1:00]
Running from: c:\users\home\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
	/wow section - STAGE 31
Access is denied
Access is denied
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\windows\$NtUninstallKB43143$\2682074970\@
c:\windows\$NtUninstallKB43143$\2682074970\cfg.ini
c:\windows\$NtUninstallKB43143$\2682074970\Desktop.ini
c:\windows\$NtUninstallKB43143$\2682074970\L\qnbwvoto
c:\windows\$NtUninstallKB43143$\778343365
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
.
.
(((((((((((((((((((((((   Files Created From 2012-01-24 to 2012-02-24  ))))))))))))))))))))))))))))))
.
.
2012-02-22 20:16 . 2012-02-22 21:01	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16 . 2012-02-22 20:16	--------	d-----w-	c:\users\home\AppData\Roaming\Malwarebytes
2012-02-22 20:15 . 2012-02-22 20:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-22 20:15 . 2012-02-22 20:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-22 20:15 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\users\home\AppData\Roaming\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\users\home\AppData\Roaming\DriverCure
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\program files\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\program files\Common Files\SpeedyPC Software
2012-02-20 23:57 . 2012-02-20 23:57	--------	d-----w-	c:\users\home\DoctorWeb
2012-02-20 13:13 . 2012-02-24 16:17	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-19 17:30 . 2012-02-19 17:30	--------	d-----w-	c:\users\home\AppData\Roaming\dvdcss
2012-02-19 04:20 . 2012-02-19 15:51	--------	d-----w-	c:\users\home\AppData\Roaming\Uxul
2012-02-19 04:20 . 2012-02-19 04:26	--------	d-----w-	c:\users\home\AppData\Roaming\Tuip
2012-02-19 04:05 . 2012-02-24 16:17	0	--sha-w-	c:\windows\system32\dds_trash_log.cmd
2012-02-15 04:40 . 2012-02-15 04:40	--------	d-----w-	c:\users\home\AppData\Roaming\Download Manager
2012-02-07 23:19 . 2012-02-07 23:24	--------	d-----w-	c:\program files\JDownloader
2012-02-07 23:18 . 2012-02-07 23:18	237	----a-w-	C:\user.js
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\users\home\AppData\Local\Babylon
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\users\home\AppData\Roaming\Babylon
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\programdata\Babylon
2012-02-07 22:55 . 2012-02-07 22:56	--------	d-----w-	c:\users\home\AppData\Roaming\FileZilla
2012-02-07 22:42 . 2012-02-08 21:33	--------	d-----w-	c:\program files\CesarFTP
2012-02-07 21:03 . 2012-02-07 21:03	--------	d-----w-	c:\users\home\AppData\Local\Xenocode
2012-01-29 21:12 . 2012-01-29 21:12	--------	d-----w-	c:\users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50 . 2010-04-03 10:51	47456	----a-w-	c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50 . 2010-04-03 10:51	73568	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49 . 2012-01-27 00:49	348256	----a-w-	c:\programdata\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49 . 2012-01-27 00:49	348256	----a-w-	c:\programdata\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-01-27 00:48 . 2012-01-27 00:48	--------	d-----w-	c:\windows\system32\RsFx
2012-01-27 00:43 . 2012-01-27 00:43	416	----a-w-	c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft SDKs
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-01-27 00:40 . 2012-01-27 00:40	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40 . 2012-01-27 00:40	--------	d-----w-	c:\windows\system32\1033
2012-01-27 00:18 . 2009-11-08 17:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18 . 2009-11-08 17:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2012-01-27 00:18 . 2009-11-08 17:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2012-01-27 00:18 . 2009-11-08 17:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2012-01-27 00:18 . 2009-11-08 17:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2012-01-27 00:02 . 2012-01-27 00:02	--------	d-----w-	c:\users\home\AppData\Local\Microsoft_Corporation
2012-01-27 00:00 . 2012-01-27 00:48	--------	d-----w-	c:\program files\Microsoft SQL Server
2012-01-26 23:50 . 2008-04-18 02:33	2560	----a-w-	c:\windows\system32\msimsg.dll
2012-01-26 23:50 . 2008-04-18 05:30	332800	----a-w-	c:\windows\system32\msihnd.dll
2012-01-26 23:50 . 2008-04-18 05:30	2241536	----a-w-	c:\windows\system32\msi.dll
2012-01-26 23:50 . 2008-04-18 02:33	73216	----a-w-	c:\windows\system32\msiexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 16:18 . 2011-04-18 00:31	184320	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-02-22 23:21 . 2011-04-18 00:31	71680	----a-w-	c:\windows\system32\drivers\tdx.sys
2012-02-22 20:46 . 2011-04-18 00:15	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-20 23:05 . 2011-04-18 00:31	67072	----a-w-	c:\windows\system32\drivers\cdrom.sys
2012-02-20 13:14 . 2011-04-18 00:31	66560	----a-w-	c:\windows\system32\drivers\smb.sys
2012-02-19 01:17 . 2011-04-17 20:04	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-02-24 2000712]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2011-04-17 6144000]
"Skytel"="Skytel.exe" [2011-04-17 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12	483328	----a-w-	c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28	11989960	----a-w-	c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoEJCD_0ACE20FF]
2011-04-17 19:47	40960	----a-w-	c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 22:39	136176	----atw-	c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55	1057328	----a-w-	c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55	54832	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-04-23 00:20	557056	----a-w-	c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10	56928	------w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55	1628208	----a-w-	c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
CTAudSvcService
d-link_st3402
netcfgsvr
msmpsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-02-23 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{C1314B95-FC2D-4D0A-A6C8-B8FD87E59B1E}.job
- c:\windows\system32\msfeedssync.exe [2011-05-19 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
LSP: mswsock.dll
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cm106Sound - cm106.cpl
SafeBoot-09910596.sys
SafeBoot-14559450.sys
SafeBoot-16333381.sys
SafeBoot-27101916.sys
SafeBoot-28873028.sys
SafeBoot-29502835.sys
SafeBoot-67791138.sys
SafeBoot-97360579.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-24 17:51
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\$NtUninstallKB43143$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ASUS\AASP\1.00.65\aaCenter.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-24  17:57:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-24 16:57
.
Vor Suchlauf: 7.521.710.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.426.514.432 Bytes frei
.
- - End Of File - - F45D1B62AAA004A8FA5D03502E9D56D7
         
--- --- ---
Attached files
File type: txt ComboFix.txt (19.9 KB, viewed 203 times)

Alt 25.02.2012, 03:09   #8
zion418
 

... and now, on top of that, Kaspersky's antivirus protection has deactivated itself and can no longer be enabled.

I have already tried reinstalling KIS. After a restart I get the following message from KIS again:

Damaged protection components (reinstallation recommended)
File Anti-Virus has been disabled
Web Anti-Virus has been disabled
... and of course they cannot be enabled

Alt 25.02.2012, 04:23   #9
Larusso
/// Selecta Jahrusso
 

SP: Kaspersky Internet Security *Enabled/Updated

Why was it on during the CF run? Read my instructions carefully, or you (not me) will wreck your system.


Uninstall Kaspersky.



Please delete the existing ComboFix version and download a new version from here.

Save it to the Desktop.
Make sure that all your antivirus and other protection programs are switched off.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 25.02.2012, 13:03   #10
zion418
 

I started CF and the warning that KIS was still on came up right away. I closed it immediately and only then continued with CF.

That is why I think it still showed up in the logs.

I have now downloaded CF; of course I had many crashes, but I managed it in the end.
The logs are attached


ComboFix logfile:
Code:
ATTFilter
ComboFix 12-02-24.02 - home 25.02.2012  12:50:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.3071.2098 [GMT 1:00]
ausgeführt von:: c:\users\home\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB43143$\2682074970\@
c:\windows\$NtUninstallKB43143$\2682074970\cfg.ini
c:\windows\$NtUninstallKB43143$\2682074970\Desktop.ini
c:\windows\$NtUninstallKB43143$\2682074970\L\qnbwvoto
c:\windows\$NtUninstallKB43143$\3818015518
.
Infizierte Kopie von c:\windows\system32\drivers\Serial.sys wurde gefunden und desinfiziert 
Kopie von - The cat found it :) wurde wiederhergestellt 
c:\windows\system32\drivers\netbt.sys fehlte 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys wurde wiederhergestellt
.
c:\windows\system32\drivers\Serial.sys fehlte 
Kopie von - c:\windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys wurde wiederhergestellt
.
c:\windows\system32\drivers\tdx.sys fehlte 
Kopie von - c:\windows\ERDNT\cache\tdx.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-25 bis 2012-02-25  ))))))))))))))))))))))))))))))
.
.
2012-02-25 11:56 . 2012-02-25 12:57	--------	d-----w-	c:\users\home\AppData\Local\temp
2012-02-25 11:56 . 2012-02-25 11:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-25 11:56 . 2012-02-22 23:21	71680	----a-w-	c:\windows\system32\drivers\tdx.sys
2012-02-25 11:56 . 2008-01-18 19:49	83456	----a-w-	c:\windows\system32\drivers\Serial.sys
2012-02-25 11:56 . 2006-11-02 08:57	184320	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-02-25 01:27 . 2012-02-25 01:28	--------	d-----w-	c:\users\home\{955087eb-dec1-4669-9107-69b935151dad}
2012-02-25 00:41 . 2012-02-25 00:42	--------	d-----w-	c:\users\home\{dc67af90-3250-42a2-88db-60c805eaefda}
2012-02-22 20:16 . 2012-02-22 21:01	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16 . 2012-02-22 20:16	--------	d-----w-	c:\users\home\AppData\Roaming\Malwarebytes
2012-02-22 20:15 . 2012-02-22 20:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\users\home\AppData\Roaming\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\users\home\AppData\Roaming\DriverCure
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\program files\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44	--------	d-----w-	c:\program files\Common Files\SpeedyPC Software
2012-02-20 23:57 . 2012-02-20 23:57	--------	d-----w-	c:\users\home\DoctorWeb
2012-02-20 13:13 . 2012-02-24 23:11	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-19 17:30 . 2012-02-19 17:30	--------	d-----w-	c:\users\home\AppData\Roaming\dvdcss
2012-02-19 04:20 . 2012-02-19 15:51	--------	d-----w-	c:\users\home\AppData\Roaming\Uxul
2012-02-19 04:20 . 2012-02-19 04:26	--------	d-----w-	c:\users\home\AppData\Roaming\Tuip
2012-02-19 04:05 . 2012-02-25 01:35	0	--sha-w-	c:\windows\system32\dds_trash_log.cmd
2012-02-15 04:40 . 2012-02-15 04:40	--------	d-----w-	c:\users\home\AppData\Roaming\Download Manager
2012-02-07 23:19 . 2012-02-07 23:24	--------	d-----w-	c:\program files\JDownloader
2012-02-07 23:18 . 2012-02-07 23:18	237	----a-w-	C:\user.js
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\users\home\AppData\Local\Babylon
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\users\home\AppData\Roaming\Babylon
2012-02-07 23:18 . 2012-02-07 23:18	--------	d-----w-	c:\programdata\Babylon
2012-02-07 22:55 . 2012-02-07 22:56	--------	d-----w-	c:\users\home\AppData\Roaming\FileZilla
2012-02-07 22:42 . 2012-02-08 21:33	--------	d-----w-	c:\program files\CesarFTP
2012-02-07 21:03 . 2012-02-07 21:03	--------	d-----w-	c:\users\home\AppData\Local\Xenocode
2012-01-29 21:12 . 2012-01-29 21:12	--------	d-----w-	c:\users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50 . 2010-04-03 10:51	47456	----a-w-	c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50 . 2010-04-03 10:51	73568	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49 . 2012-01-27 00:49	348256	----a-w-	c:\programdata\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49 . 2012-01-27 00:49	348256	----a-w-	c:\programdata\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-01-27 00:48 . 2012-01-27 00:48	--------	d-----w-	c:\windows\system32\RsFx
2012-01-27 00:43 . 2012-01-27 00:43	416	----a-w-	c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft SDKs
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2012-01-27 00:41 . 2012-01-27 00:41	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-01-27 00:40 . 2012-01-27 00:40	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40 . 2012-01-27 00:40	--------	d-----w-	c:\windows\system32\1033
2012-01-27 00:18 . 2009-11-08 17:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18 . 2009-11-08 17:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2012-01-27 00:18 . 2009-11-08 17:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2012-01-27 00:18 . 2009-11-08 17:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2012-01-27 00:18 . 2009-11-08 17:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2012-01-27 00:02 . 2012-01-27 00:02	--------	d-----w-	c:\users\home\AppData\Local\Microsoft_Corporation
2012-01-27 00:00 . 2012-01-27 00:48	--------	d-----w-	c:\program files\Microsoft SQL Server
2012-01-26 23:50 . 2008-04-18 02:33	2560	----a-w-	c:\windows\system32\msimsg.dll
2012-01-26 23:50 . 2008-04-18 05:30	332800	----a-w-	c:\windows\system32\msihnd.dll
2012-01-26 23:50 . 2008-04-18 05:30	2241536	----a-w-	c:\windows\system32\msi.dll
2012-01-26 23:50 . 2008-04-18 02:33	73216	----a-w-	c:\windows\system32\msiexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 23:12 . 2012-02-24 23:18	270336	----a-w-	c:\windows\system32\drivers\afd.svs
2012-02-22 20:46 . 2011-04-18 00:15	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-20 23:05 . 2011-04-18 00:31	67072	----a-w-	c:\windows\system32\drivers\cdrom.sys
2012-02-19 01:17 . 2011-04-17 20:04	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-02-24 2000712]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2011-04-17 6144000]
"Skytel"="Skytel.exe" [2011-04-17 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12	483328	----a-w-	c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28	11989960	----a-w-	c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoEJCD_0ACE20FF]
2011-04-17 19:47	40960	----a-w-	c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 22:39	136176	----atw-	c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55	1057328	----a-w-	c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55	54832	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-04-23 00:20	557056	----a-w-	c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10	56928	------w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55	1628208	----a-w-	c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
CTAudSvcService
d-link_st3402
netcfgsvr
msmpsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-25 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-02-24 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{6CF365E2-7ACF-4FE6-B1B9-CE1B0AD25921}.job
- c:\windows\system32\msfeedssync.exe [2011-05-19 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
LSP: mswsock.dll
TCP: Interfaces\{030B40A1-24D1-403A-B65C-A9AA523ED5B1}: NameServer = 212.186.211.21,195.34.133.21
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\mswsock.dll
mswsock.dll     75460000   241664 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'Explorer.exe'(3860)
c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ASUS\AASP\1.00.65\aaCenter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-25  14:00:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-25 13:00
ComboFix2.txt  2012-02-25 00:33
ComboFix3.txt  2012-02-24 16:57
.
Vor Suchlauf: 13 Verzeichnis(se), 11.048.517.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.923.144.704 Bytes frei
.
- - End Of File - - EF737E0523B21D0E32798225EDEAC404
--- --- ---
         

Edited by zion418 (25.02.2012 at 13:31)

Old 27.02.2012, 13:05   #11
Larusso
/// Selecta Jahrusso

first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c

  • Disable all other scanners for viruses, spyware, etc.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark next to:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!
__________________
Kind regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 29.02.2012, 22:59   #12
zion418

first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c

First of all, thanks for your help!

Unfortunately gmer can no longer be run, because after ~3 minutes I get a bluescreen.
I'm planning to buy a new hard drive and, while I'm at it, also upgrade the operating system to 64 bit.

One more question: of course I still have a lot of important data on my old hard drive...
Can I then safely attach it to the newly installed system to copy my data over to the new drive?

Old 01.03.2012, 16:16   #13
Larusso
/// Selecta Jahrusso

first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c

If you want to format, I have no objections.

I hope you are aware of the difference between a 32 and a 64 bit OS.


I would first check the external drive thoroughly with a couple of online scanners.
If anything is unclear, just post the reports here. Not everything that gets found is really malware.

Checking external media after an infection and reinstall (by Petra)

The essential trick when disinfecting external drives and sticks is that they have to be connected correctly. If infected, they contain a file autorun.inf with a command that is executed when the drive is connected. That command normally starts a file from the external drive.

This autorun mechanism is suppressed if you hold down the Shift key while connecting the drive. I recommend making that a habit. It also works when inserting CDs/DVDs and can prevent the installation of a rootkit copy-protection scheme there. Autorun can also be disabled in Windows: have a look here. Then you don't have to remember to hold the key.

Connect each external drive one after the other (with Shift). If infected, there is an autorun.inf in its root directory. It may be hidden, but can be made visible with the Explorer options from here. Open the autorun.inf in the editor (Notepad). It says what is to be executed. Find that executable file (usually with the extension .vbs or .exe) on the drive and delete it, then delete the autorun.inf as well.

Guides: XP Pro - XP Home - Vista (German) - Vista (English).

Then have the external media checked with at least two online scanners from this guide.
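As an added example, not part of the thread or of Petra's guide, a small Python script for the triage step described above: it parses an autorun.inf from an external drive, lists every [autorun] directive that would launch a file on connect (open, shellexecute, and the shell\<verb>\command entries), and reports the executable or script files to look for on the drive. The sample autorun.inf and all file names in it are constructed for illustration.

```python
from pathlib import PureWindowsPath

# [autorun] keys that make Windows launch a file when the medium is connected
LAUNCH_KEYS = ("open", "shellexecute")
# the file types the guide mentions (.exe, .vbs) plus other directly executable script types
SUSPICIOUS_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf"}

# Constructed sample autorun.inf with hypothetical file names; not taken from the thread.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
; a hidden dropper started on connect, plus a hijacked Explorer "Open" verb
open=hidden\update.exe
shell\open\command="hidden\update.exe" /s
shellexecute=setup.vbs
label=Backup
"""

def first_token(cmdline):
    """Program name from a command line: the quoted path, or the text up to the first space."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split()[0] if cmdline else ""

def parse_autorun(text):
    """Return (key, program) pairs for every [autorun] directive that launches a file."""
    launch, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries replace what Explorer runs for that context-menu verb
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launch.append((key, first_token(value)))
    return launch

def suspicious_targets(text):
    """Unique launched files with an executable/script extension: find and delete these first."""
    found = {prog for _, prog in parse_autorun(text)
             if PureWindowsPath(prog).suffix.lower() in SUSPICIOUS_EXT}
    return sorted(found)
```

Run it against the text of an autorun.inf copied from the drive; delete the reported files on the drive and only then the autorun.inf itself, as the guide says.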

Old 06.03.2012, 14:26   #14
Larusso
/// Selecta Jahrusso

first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c

No response
This thread has been removed from my subscriptions, so I no longer get notifications about new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
