Plagegeister aller Art und deren Bekämpfung (forum section: pests of all kinds and how to fight them): Avast error 10050 - infection with Rootkit.Zeroaccess? (Windows 7)
07.02.2012, 00:59 | #1
Avast error 10050 - infection with Rootkit.Zeroaccess?
Hello everyone, I am at my wits' end! Yesterday I apparently caught a nasty virus on the net, and with Google and self-diagnosis I can't get anywhere any more. So I am turning trustingly to this board - I urgently need professional help. Here are the facts about my problem: my PC (Win 7) is on the net via WLAN. While surfing (nothing wild, just checking mails) my antivirus program Avast! went off - with some warning. Before I could check what was going on, I already had a bluescreen. Since then I get an error message with code 10050 from Avast at every restart: the mail shield can no longer be activated. I can no longer connect to the internet either, and it has also wrecked my printer driver. After a long search I was able to work out that it is probably a problem with Rootkit.Zeroaccess, an extremely hard-to-remove problem. Registry entries have apparently been altered/destroyed, which makes an internet connection impossible. Unfortunately there is no simple removal tool or the like either! I will probably have to work with tools I don't know, such as Combofix etc. That is why I am desperately looking for an expert for a step-by-step problem diagnosis. I will gladly post logs too - as long as someone tells me which ones and they can provide useful clues! Please, please help me. A big thank you in advance!
07.02.2012, 11:17 | #2
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess?
hi,
you will have to work with a USB stick to copy the logs for us. Security measure on both machines: Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de [WinTotal.de tip archive: disabling Autorun/Autoplay selectively for drive types or drive letters]: deactivate autorun. Once that is done, download the programs on the clean PC, create the log on the infected PC with them onto the USB stick, and post it. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
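The security measure asked for in the post above, disabling AutoRun before a USB stick is carried between the infected and the clean PC, can be applied from an elevated PowerShell on both machines. The following is an added example, not code from the thread or from the linked WinTotal article: the function names and the bit table are this example's own, while the registry values NoDriveTypeAutoRun (per drive type) and NoDriveAutoRun (per drive letter) and their bit meanings are the documented Windows Explorer policy values.

```powershell
# Added example: disable AutoRun per drive type (NoDriveTypeAutoRun) and,
# optionally, per drive letter (NoDriveAutoRun) for the machine (HKLM) and
# the current user (HKCU). Run from an elevated PowerShell on both PCs
# before a USB stick is moved between them. Function names are assumptions
# of this example, not part of Windows.

# Bit meanings of NoDriveTypeAutoRun (documented Windows policy value).
$DriveTypeBits = @{
    Unknown   = 0x01   # DRIVE_UNKNOWN
    Removable = 0x04   # DRIVE_REMOVABLE: USB sticks, memory cards
    Fixed     = 0x08   # DRIVE_FIXED: internal disks
    Remote    = 0x10   # DRIVE_REMOTE: network shares
    CdRom     = 0x20   # DRIVE_CDROM
    RamDisk   = 0x40   # DRIVE_RAMDISK
    Reserved  = 0x80   # drive types not yet assigned
}

# Build the mask for the drive types that should have AutoRun disabled.
# 0xFF (all bits) is the usual "off everywhere" setting; Windows 7's
# default is 0x91 (unknown, remote and reserved only).
function Get-NoDriveTypeAutoRunMask {
    param([string[]]$DisableFor)
    $mask = 0
    foreach ($type in $DisableFor) {
        if (-not $DriveTypeBits.ContainsKey($type)) { throw "unknown drive type: $type" }
        $mask = $mask -bor $DriveTypeBits[$type]
    }
    return $mask
}

# NoDriveAutoRun is a bitmask over drive letters: bit 0 = A:, bit 1 = B:, ...
function Get-NoDriveAutoRunMask {
    param([string[]]$Letters)
    $mask = 0
    foreach ($letter in $Letters) {
        $index = [int][char]$letter.ToUpper()[0] - [int][char]'A'
        if ($index -lt 0 -or $index -gt 25) { throw "not a drive letter: $letter" }
        $mask = $mask -bor [int][math]::Pow(2, $index)
    }
    return $mask
}

# Write both policy values into the Explorer policy key of HKLM and HKCU,
# reporting the previous NoDriveTypeAutoRun value so the change is visible.
function Set-AutoRunPolicy {
    param(
        [int]$TypeMask = 0xFF,
        [int]$LetterMask = 0
    )
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $old = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value $TypeMask -Type DWord
        if ($LetterMask -ne 0) {
            Set-ItemProperty -Path $key -Name NoDriveAutoRun -Value $LetterMask -Type DWord
        }
        $oldText = if ($null -eq $old) { '(not set)' } else { '0x{0:X2}' -f $old }
        '{0}: NoDriveTypeAutoRun {1} -> 0x{2:X2}' -f $hive, $oldText, $TypeMask
    }
}

# Usage: switch AutoRun off for every drive type, and additionally for the
# letters a USB stick typically gets on this machine (constructed sample).
$typeMask   = Get-NoDriveTypeAutoRunMask -DisableFor $DriveTypeBits.Keys
$letterMask = Get-NoDriveAutoRunMask -Letters @('F', 'G', 'H')
Set-AutoRunPolicy -TypeMask $typeMask -LetterMask $letterMask
```

The O7 line "NoDriveTypeAutoRun = 255" in the OTL output posted later in the thread is this same all-off value (0xFF) in the user hive only; the machine hive (HKLM) should carry it as well.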
07.02.2012, 15:08 | #3
Avast error 10050 - infection with Rootkit.Zeroaccess?
THANKS MARKUSG for the quick reply! I have followed your instructions and am posting the OTL logs below as text. Alternatively I have also attached the TXT files.
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 07.02.2012 14:22:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bumblebee\Desktop\QUALBI Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00001407 | Country: Liechtenstein | Language: DEC | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 63.97% Memory free 6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910.41 Gb Total Space | 127.32 Gb Free Space | 13.98% Space Free | Partition Type: NTFS Drive D: | 20.00 Gb Total Space | 4.90 Gb Free Space | 24.52% Space Free | Partition Type: NTFS Drive F: | 1.82 Gb Total Space | 1.26 Gb Free Space | 69.25% Space Free | Partition Type: FAT32 Drive G: | 3725.82 Gb Total Space | 379.85 Gb Free Space | 10.20% Space Free | Partition Type: NTFS Computer Name: BUMBLEBEE-PC | User Name: Bumblebee | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.07 13:48:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bumblebee\Desktop\QUALBI\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011.11.29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.11.29 20:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe PRC - [2010.01.07 09:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe PRC - [2009.11.09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe PRC - [2009.08.22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe PRC - [2009.07.27 12:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2002.07.29 21:18:36 | 000,024,576 | ---- | M] () -- C:\Windows\System32\delttray.exe ========== Modules (No Company Name) ========== MOD - [2011.12.21 18:37:51 | 000,115,137 | ---- | M] () -- C:\Users\Bumblebee\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll MOD - [2011.11.29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.11.23 19:08:25 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll MOD - [2011.11.23 19:06:56 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll MOD - [2011.11.23 19:06:48 | 001,782,272 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll MOD - [2011.11.23 16:25:01 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll MOD - [2011.11.23 16:24:51 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll MOD - [2011.11.23 16:24:48 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll MOD - [2011.11.23 16:24:41 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll MOD - [2011.11.23 16:24:40 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll MOD - [2011.11.23 16:24:38 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll MOD - [2011.11.23 16:24:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll MOD - [2011.11.23 16:24:37 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll MOD - [2011.11.23 16:24:33 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll MOD - [2011.11.23 16:24:27 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.27 
07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.09.22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2009.08.22 11:32:50 | 000,724,992 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2009.08.22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe MOD - [2009.07.27 12:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe MOD - [2008.11.07 21:00:46 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll MOD - [2008.11.07 20:59:08 | 000,131,072 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll MOD - [2003.05.15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2002.07.29 21:18:36 | 000,024,576 | ---- | M] () -- C:\Windows\System32\delttray.exe ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.05 14:40:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.07 09:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service) SRV - [2009.11.09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2012.02.07 00:37:14 | 000,309,320 | ---- | M] (BitDefender S.R.L.) 
[File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.08.19 15:01:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (MySlarez) [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD) DRV - [2011.03.11 07:06:44 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent) DRV - [2011.02.23 07:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.01.17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2010.12.18 22:01:54 | 
000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010.09.07 21:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.05.17 23:25:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.02.04 09:52:16 | 000,231,016 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT) DRV - [2010.01.22 10:20:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT) DRV - [2010.01.13 10:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk) DRV - [2010.01.13 07:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw) DRV - [2010.01.12 08:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter) DRV - [2010.01.07 10:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNDIS) DRV - [2009.12.23 10:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2009.10.29 16:23:42 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.10.29 16:23:40 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.10.05 14:10:42 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32) DRV - [2009.08.11 06:46:30 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet) DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2009.07.30 14:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.07.27 12:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2009.04.29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2007.04.27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2003.07.29 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2002.07.29 21:18:36 | 000,320,896 | ---- | M] (Midiman/M Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF 
- prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.03 13:14:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:02:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.30 11:39:28 | 000,000,000 | ---D | M] [2010.02.18 02:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Extensions [2012.02.01 13:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions [2011.11.22 21:02:34 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} [2011.12.29 00:29:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.26 12:49:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\firefox@ghostery.com [2010.10.19 19:41:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\firefox@tvunetworks.com [2010.11.02 20:42:15 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\uoxvda4w.default\extensions\vshare@toolbar [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\uoxvda4w.default\searchplugins\startsear.xml [2010.11.06 16:31:10 | 000,000,000 | ---D | M] (No name found) 
-- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\USERS\BUMBLEBEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UOXVDA4W.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.03 13:14:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011.11.18 00:20:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.18 00:20:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.18 00:20:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.18 00:20:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.18 00:20:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.18 00:20:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.05 13:49:53 | 000,432,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 www.virustotal.com O1 - Hosts: 127.0.0.1 virustotal O1 - Hosts: 127.0.0.1 virscan.com O1 - Hosts: 127.0.0.1 www.virscan.com O1 - Hosts: 127.0.0.1 virscan O1 - Hosts: 127.0.0.1 hxxp://virscan.com O1 - Hosts: 127.0.0.1 virustotal O1 - Hosts: 127.0.0.1 virscan O1 - Hosts: 127.0.0.1 hxxp://virusscan.jotti.org/ O1 - Hosts: 127.0.0.1 virusscan.jotti.org/ O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org/ O1 - Hosts: 127.0.0.1 scanner.novirusthanks.org/ O1 - Hosts: 127.0.0.1 hxxp://scanner.novirusthanks.org/ O1 - Hosts: 127.0.0.1 www.scanner.novirusthanks.org/ O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - 
Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 14911 more lines... O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [DeltTray] C:\Windows\System32\delttray.exe () O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\Windows\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4430d990-e80b-11df-8a53-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{4430d990-e80b-11df-8a53-4061864d35d2}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad697231-828e-11df-93ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad697231-828e-11df-93ad-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}\Shell - "" = AutoRun
O33 - MountPoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8CB346C3-19C1-4342-8A47-F5F00C2DA62E} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DeltTray - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Getting started with MacDrive 8 - hkey= - key= - C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
MsConfig - StartUpReg: MacDrive 8 application - hkey= - key= - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.07 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\QUALBI
[2012.02.07 00:37:13 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.02.06 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\AppData\Roaming\Malwarebytes
[2012.02.06 15:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 15:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 15:16:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 15:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.26 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\ELKE
[2012.01.26 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\HOTDOCS
[2012.01.26 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\Wanlov The Kubolor - African Gypsy
[2012.01.24 15:43:32 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012.01.24 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2012.01.21 19:57:44 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\HUGOBOSS
[2012.01.20 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Documents\CardRecovery
[2012.01.20 21:16:08 | 000,000,000 | ---D | C] -- C:\Avid MediaFiles
[2012.01.20 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZAR
[2012.01.20 20:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2012.01.20 19:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012.01.20 19:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Partition Recovery
[2012.01.20 19:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\RescuePRO Deluxe
[2012.01.17 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\SanFranciscoFestival
[2012.01.16 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\Bumblebee\Desktop\KOCHSHOW
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Bumblebee\AppData\Roaming\*.tmp files -> C:\Users\Bumblebee\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.07 14:15:00 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.07 14:15:00 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.07 14:15:00 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 14:15:00 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.07 14:03:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 14:03:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 13:56:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 13:56:14 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.07 02:52:28 | 002,168,507 | ---- | M] () -- C:\Users\Bumblebee\Desktop\SEITE_4.jpg
[2012.02.07 00:37:14 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.02.06 15:16:33 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 13:49:09 | 402,526,681 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.05 18:43:47 | 000,049,081 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Steuer.pdf
[2012.02.03 15:14:00 | 000,921,472 | ---- | M] () -- C:\Users\Bumblebee\Desktop\SONOR press sheet.pdf
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012.01.31 16:11:02 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012.01.30 14:30:41 | 000,281,415 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Tribecca.pdf
[2012.01.30 09:05:58 | 033,970,736 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Poppin Biaaatch.wav
[2012.01.24 16:04:31 | 015,971,416 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Rapper Dapper Snapper.mp3
[2012.01.23 16:13:04 | 006,258,686 | ---- | M] () -- C:\Users\Bumblebee\Desktop\BassSkizze.wav
[2012.01.22 17:45:29 | 008,318,640 | ---- | M] () -- C:\Users\Bumblebee\Desktop\Poppin REDUCED.mp3
[2012.01.22 15:40:28 | 004,446,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.20 23:08:14 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.01.20 19:06:05 | 000,000,093 | ---- | M] () -- C:\Users\Bumblebee\rpdeluxe.properties
[2012.01.17 11:35:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.01.11 23:33:04 | 000,000,816 | ---- | M] () -- C:\Users\Bumblebee\Adobe Encore_AME.pref
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Bumblebee\AppData\Roaming\*.tmp files -> C:\Users\Bumblebee\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.07 14:14:08 | 002,168,507 | ---- | C] () -- C:\Users\Bumblebee\Desktop\SEITE_4.jpg
[2012.02.06 15:16:33 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 18:43:47 | 000,049,081 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Steuer.pdf
[2012.02.03 15:14:00 | 000,921,472 | ---- | C] () -- C:\Users\Bumblebee\Desktop\SONOR press sheet.pdf
[2012.01.30 16:18:24 | 033,970,736 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Poppin Biaaatch.wav
[2012.01.30 14:30:41 | 000,281,415 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Tribecca.pdf
[2012.01.23 16:31:23 | 006,258,686 | ---- | C] () -- C:\Users\Bumblebee\Desktop\BassSkizze.wav
[2012.01.22 17:45:15 | 008,318,640 | ---- | C] () -- C:\Users\Bumblebee\Desktop\Poppin REDUCED.mp3
[2012.01.20 19:04:37 | 000,000,093 | ---- | C] () -- C:\Users\Bumblebee\rpdeluxe.properties
[2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.11.26 15:41:50 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.11.26 15:41:50 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.11.23 18:34:55 | 005,206,016 | ---- | C] () -- C:\Windows\System32\mkl_genarts.dll
[2011.11.18 14:28:35 | 000,000,623 | ---- | C] () -- C:\Windows\System32\W_DEBUG.DAT
[2011.11.18 14:03:04 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2011.11.17 16:30:50 | 000,174,648 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.10.12 12:14:53 | 004,446,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.12 11:06:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.07.01 01:44:55 | 000,016,384 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\uoxvda4w.default.dat
[2011.06.06 11:16:36 | 000,000,132 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.28 17:49:40 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.04.26 15:26:01 | 000,007,602 | ---- | C] () -- C:\Users\Bumblebee\AppData\Local\Resmon.ResmonCfg
[2011.04.26 01:28:33 | 000,001,716 | -HS- | C] () -- C:\Windows\E88D4.exe
[2011.04.24 19:45:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.21 18:01:15 | 000,000,210 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.16 19:58:11 | 000,004,388 | ---- | C] () -- C:\Windows\cool.ini
[2011.02.16 19:56:41 | 000,082,398 | ---- | C] () -- C:\Windows\c96unins.exe
[2010.12.08 04:22:56 | 000,000,140 | ---- | C] () -- C:\Windows\MrSetup.ini
[2010.11.21 01:47:41 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.11.13 20:47:00 | 000,000,562 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.10.15 07:15:30 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.10.15 07:13:39 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2010.10.15 07:13:39 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.10.15 02:41:39 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010.10.15 02:41:39 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.10.05 11:51:48 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.16 22:55:52 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.10 11:23:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.10 00:50:58 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.03.08 21:54:20 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2010.03.08 18:50:03 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2010.02.24 19:07:17 | 000,024,576 | ---- | C] () -- C:\Windows\System32\delttray.exe
[2010.02.24 17:21:25 | 001,900,132 | ---- | C] () -- C:\Windows\System32\ExpansionHD_Firmware.bin
[2010.02.24 17:21:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\DigiPlatformSupport.dll
[2010.02.23 00:34:19 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2010.02.20 21:13:42 | 000,014,336 | ---- | C] () -- C:\Users\Bumblebee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.20 18:21:49 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2010.02.18 19:09:34 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 04:25:01 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.18 04:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.18 04:25:00 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.18 04:25:00 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.18 04:24:59 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.18 03:29:55 | 000,000,000 | ---- | C] () -- C:\Users\Bumblebee\AppData\Roaming\wklnhst.dat
[2009.10.26 11:30:48 | 000,122,880 | ---- | C] () -- C:\Windows\System32\PtSSE2.dll
[2009.10.26 11:30:46 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2009.10.26 10:47:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\ntrights.exe
[2009.10.15 14:09:13 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.10.15 14:09:12 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2009.10.15 14:07:08 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2009.10.15 14:05:40 | 000,000,042 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.10.07 12:59:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.05 16:02:37 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.10.05 16:02:37 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.10.05 14:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.27 12:44:58 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
[2009.07.14 09:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2003.07.29 10:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000050.DLL

========== LOP Check ==========

[2011.12.19 15:50:08 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ameCache
[2010.03.08 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Audio Ease
[2010.03.08 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Avid
[2011.11.28 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\DAEMON Tools Lite
[2012.02.06 01:08:18 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Dropbox
[2011.12.01 14:19:56 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\FileZilla
[2011.04.12 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\GetRightToGo
[2011.09.17 22:39:26 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Kalypso Media
[2011.07.01 00:08:13 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\kock
[2010.11.08 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Leadertech
[2010.12.18 23:21:40 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\MPEG Streamclip
[2010.03.08 16:11:25 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\PACE Anti-Piracy
[2010.08.04 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\PCToolsFirewallPlus
[2010.12.18 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Pegasys Inc
[2011.09.17 16:54:03 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ProtectDISC
[2010.08.04 14:15:05 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Registry Mechanic
[2011.06.05 03:33:24 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.12.21 18:37:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Samsung
[2011.08.17 16:46:57 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\SorensonMedia
[2010.03.08 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Steinberg
[2010.03.29 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\TeamViewer
[2011.12.21 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Temp
[2010.02.18 03:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Template
[2011.09.30 11:39:57 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\Thunderbird
[2011.07.08 20:27:01 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\UAs
[2011.11.22 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\VshareComplete
[2010.05.18 00:42:15 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\VST3 Presets
[2010.08.23 11:22:20 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\X10Receiver.NET
[2011.07.13 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\Bumblebee\AppData\Roaming\xmldm
[2011.11.29 01:43:58 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.07 13:56:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.02.18 01:44:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.01.20 21:16:08 | 000,000,000 | ---D | M] -- C:\Avid MediaFiles
[2011.08.05 17:54:12 | 000,000,000 | ---D | M] -- C:\Avid MediaFiles_AVENTERRA
[2011.06.05 19:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010.02.18 01:44:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.20 12:01:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.02.06 15:16:31 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.02.06 15:16:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.18 01:44:33 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.18 01:44:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.07 14:24:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.26 23:37:51 | 000,000,000 | ---D | M] -- C:\temp
[2010.02.18 01:44:39 | 000,000,000 | R--D | M] -- C:\Users
[2011.02.10 05:09:07 | 000,000,000 | ---D | M] -- C:\W
[2012.02.07 13:57:32 | 000,000,000 | ---D | M] -- C:\Windows
[2011.07.01 01:44:54 | 000,000,000 | ---D | M] -- C:\xmldm

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\Bumblebee\INSTALL\driver\Mainboard\nForce_5.10_WinXP2K_WHQL_international\IDE\Win2K\NvAtaBus.sys
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\Bumblebee\INSTALL\driver\Mainboard\nForce_5.10_WinXP2K_WHQL_international\IDE\WinXP\NvAtaBus.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 --
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.17 23:25:03 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < 
%systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.01.11 23:33:04 | 000,000,816 | ---- | M] () -- C:\Users\Bumblebee\Adobe Encore_AME.pref [2012.02.07 14:24:30 | 008,126,464 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT [2012.02.07 14:24:29 | 000,262,144 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.dat.LOG1 [2010.02.18 01:44:40 | 000,000,000 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.dat.LOG2 [2010.02.18 05:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.02.18 05:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.02.18 05:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bumblebee\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.02.18 01:44:40 | 000,000,020 | -HS- | M] () -- C:\Users\Bumblebee\ntuser.ini [2012.01.20 19:06:05 | 000,000,093 | ---- | M] () -- C:\Users\Bumblebee\rpdeluxe.properties < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB45060$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== 
@Alternate Data Stream - 982 bytes -> C:\ProgramData\Microsoft:5pcTG5RJILVCyIN8fgMvJ6
@Alternate Data Stream - 928 bytes -> C:\ProgramData\Microsoft:UNW1ojoe5fAHcNhMSGY
@Alternate Data Stream - 16 bytes -> C:\ProgramData\Tiffen:0C789544-1548-4951-80B9-E0C29DB5ECBD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 1113 bytes -> C:\ProgramData\Microsoft:ZTpUZo03XpU5WqpWh6o2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
--------------------------------------------------------------------------
OTL Logfile:
OTL Extras logfile created on: 07.02.2012 14:22:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bumblebee\Desktop\QUALBI Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001407 | Country: Liechtenstein | Language: DEC | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 63.97% Memory free
6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910.41 Gb Total Space | 127.32 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 4.90 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive F: | 1.82 Gb Total Space | 1.26 Gb Free Space | 69.25% Space Free | Partition Type: FAT32
Drive G: | 3725.82 Gb Total Space | 379.85 Gb Free Space | 10.20% Space Free | Partition Type: NTFS
Computer Name: BUMBLEBEE-PC | User Name: Bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant 
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E6B352F-F91D-43E6-8BB6-B772C32E83A9}" = Avid Media Composer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr "{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4b7ec652-b6b2-4868-97ef-af5f9c59ba0d}" = Nero 9 Trial "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3 "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.0 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All 
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7066F2DB-5032-4B6F-A8E7-A6F946043438}" = Adobe Setup "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F0E4311-D46D-456E-97CC-44F7E331DE66}" = Sorenson Squeeze 6.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office 
OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D05F67B-EDFD-449A-9220-78A98CCECFC4}" = Dfx for Avid "{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B705AA09-2E48-4095-904C-F6CE8B97DEF6}" = Active@ Partition Recovery "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update 
Manager CS3 "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete "{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2 "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FAECE08E-4DEE-4164-A92A-3521C84C3B5A}" = MacDrive 8 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_85df662426fa6bb25f7d596f4d1b2a2" = Adobe Encore CS3 "Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1 "Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0 "AudioEase Speakersphone VST RTAS_is1" = AudioEase Speakersphone VST RTAS v1.03 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "avast" = avast! 
Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Dfx for Avid" = Dfx for Avid "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "emagic EXSP24 VST-PlugIn" = emagic EXSP24 VST-PlugIn "FileZilla Client" = FileZilla Client 3.5.2 "Foxit PDF Editor" = Foxit PDF Editor "GenArts Sapphire Plug-ins for Avid AVX_v3_is1" = GenArts Sapphire Plug-ins 3.04 for Avid AVX Products "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de) "Mozilla Thunderbird (7.0)" = Mozilla Thunderbird (7.0) "N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN "Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums "Native Instruments B4 II" = Native Instruments B4 II "Native Instruments ElektrikPiano" = Native Instruments ElektrikPiano (remove only) "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Oddity VST2" = GMediaMusic - Oddity VST2 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Rainlendar2" = Rainlendar2 (remove only) "RapidShare Manager" = RapidShare Manager "Rockstar Games Social Club" = Rockstar Games Social Club "Steinberg Cubase_is1" = Steinberg Cubase v4.1.3 "Steinberg Magneto VST v1.5" = Steinberg Magneto VST v1.5 "Trilogy_is1" = Trilogy "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "vShare.tv plugin" = vShare.tv plugin 1.3 "WaveLabPro" = WaveLab 6 
"WinRAR archiver" = WinRAR archiver "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "f58f3889281ea80b" = ContainerEx Decrypter "MyFreeCodec" = MyFreeCodec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.06.2011 21:02:59 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 14.06.2011 19:24:21 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100 Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100 Description = 480: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100 Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 14.06.2011 20:43:30 | Computer Name = Bumblebee-PC | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 14.06.2011 21:01:57 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 14.06.2011 21:03:57 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 15.06.2011 19:16:14 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avid\Avid Media Composer\SupportingFiles\WindowsDrivers\DXDriver\DPInst_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 15.06.2011 19:18:47 | Computer Name = Bumblebee-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

[ Media Center Events ]
Error - 03.02.2012 09:03:55 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 03.02.2012 09:03:55 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 03.02.2012 09:03:56 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:55 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 03.02.2012 09:03:56 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:56 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 03.02.2012 09:04:02 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 14:03:56 - EpgListings konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - ClientUpdate konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 04.02.2012 13:33:32 | Computer Name = Bumblebee-PC | Source = MCUpdate | ID = 0
Description = 18:33:32 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

[ System Events ]
Error - 07.02.2012 08:56:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server-SMB-Treiber 1.xxx" ist vom Dienst "Server-SMB-Treiber 2.xxx" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.02.2012 08:56:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Server-SMB-Treiber 1.xxx" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = DCOM | ID = 10005
Description =

Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP" wurde aufgrund folgenden Fehlers nicht gestartet: %%22

Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SSDP-Suche" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%22

Error - 07.02.2012 08:57:42 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "UPnP-Gerätehost" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%22

Error - 07.02.2012 08:58:53 | Computer Name = Bumblebee-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952450.

Error - 07.02.2012 08:58:53 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014846.

Error - 07.02.2012 08:58:55 | Computer Name = Bumblebee-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014846

Error - 07.02.2012 09:11:07 | Computer Name = Bumblebee-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

< End of report >
07.02.2012, 15:47 | #4 |
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess?

hi, open Malwarebytes, log files, post all reports. so copy them to a USB stick and post them :-)

this script, and any scripts that follow, are only for this particular user. if you (anyone else) have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
O4 - Startup: C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
:Files
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
07.02.2012, 17:25 | #5 |
Avast error 10050 - infection with Rootkit.Zeroaccess?

Hi MarkusG! thanks for your efforts. Here are the logs from Malwarebytes:

------------------------------------------------------------------------
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.13.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Bumblebee :: BUMBLEBEE-PC [Administrator]

Schutz: Aktiviert

06.02.2012 15:17:07
mbam-log-2012-02-06 (15-17-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175672
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=d2fb3f10-1544-11e1-84f2-882bc869d270) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=d2fb3f10-1544-11e1-84f2-882bc869d270) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\lodupgd.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat110018.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat111644.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat111653.bat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Local\Temp\yr0.2520532922115817.exe (Exploit.Drop.7) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bumblebee\AppData\Local\Temp\yr0.8883272475961309.exe (Exploit.Drop.7) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
--------------------------------------------------------------------------
2012/02/06 15:17:02 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:17:03 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Executing scheduled update: Daily
2012/02/06 15:17:03 +0100 BUMBLEBEE-PC Bumblebee ERROR Scheduled update failed: No address found failed with error code 11004
2012/02/06 15:17:04 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:17:07 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:17:07 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 15:25:25 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:25:28 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:25:31 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:25:31 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 15:44:59 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/06 15:45:01 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/06 15:45:04 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 15:45:04 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 20:21:51 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 20:21:51 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/02/06 20:29:41 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/06 20:29:41 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
------------------------------------------------------------------------
2012/02/07 00:25:38 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Executing scheduled update: Daily
2012/02/07 00:25:38 +0100 BUMBLEBEE-PC Bumblebee ERROR Scheduled update failed: No address found failed with error code 11004
2012/02/07 13:58:53 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting protection
2012/02/07 13:58:55 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Protection started successfully
2012/02/07 13:58:58 +0100 BUMBLEBEE-PC Bumblebee MESSAGE Starting IP protection
2012/02/07 13:58:58 +0100 BUMBLEBEE-PC Bumblebee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
-------------------------------------------------------------------------

Here is the OTL log:

All processes killed
========== OTL ==========
C:\Users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bumblebee
->Flash cache emptied: 39265 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Bumblebee
->Temp folder emptied: 20837954 bytes
->Temporary Internet Files folder emptied: 24489827 bytes
->Java cache emptied: 30612 bytes
->FireFox cache emptied: 49870848 bytes
->Apple Safari cache emptied: 29285376 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34929 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 144 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151348602 bytes
RecycleBin emptied: 7737573 bytes

Total Files Cleaned = 270.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02072012_171402

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-------------------------------------------------------------------------

I hope there is still something to salvage!!!??? Many thanks!
07.02.2012, 17:31 | #6 |
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess?

let's keep looking. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and make sure to save it to your desktop.
07.02.2012, 18:08 | #7 |
Avast error 10050 - infection with Rootkit.Zeroaccess?

Hi MarkusG, everything seems to have worked so far. When running Combofix, however, I was told that it is an "expired" version, so I was only able to run the program in a reduced mode. Here is the corresponding log:

Combofix Logfile:
Code:
ComboFix 12-02-02.02 - Bumblebee 07.02.2012 17:53:44.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.41.1031.18.3071.2005 [GMT 1:00]
ausgeführt von:: c:\users\Bumblebee\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BUMBLE~1\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\users\Bumblebee\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\muzapp.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-07 bis 2012-02-07 ))))))))))))))))))))))))))))))
.
.
2012-02-07 16:14 . 2012-02-07 16:14 -------- d-----w- C:\_OTL
2012-02-06 23:37 . 2012-02-06 23:37 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-02-06 14:16 . 2012-02-06 14:16 -------- d-----w- c:\users\Bumblebee\AppData\Roaming\Malwarebytes
2012-02-06 14:16 . 2012-02-06 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 14:16 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 11:53 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-26 11:53 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 11:53 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 11:53 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-26 11:53 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 11:53 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-26 11:53 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-26 11:53 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-26 11:53 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 11:53 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-24 14:43 . 2012-01-24 14:43 -------- d-----w- c:\program files\Xenocode
2012-01-20 20:16 . 2012-01-20 20:16 -------- d-----w- C:\Avid MediaFiles
2012-01-20 20:08 . 2012-01-21 17:29 -------- d-----w- c:\program files\ZAR
2012-01-20 19:45 . 2012-01-20 19:45 -------- d-----w- c:\program files\Convar
2012-01-20 19:45 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-01-20 18:25 . 2012-01-20 18:25 -------- d-----w- c:\program files\LSoft Technologies
2012-01-20 18:04 . 2012-01-21 17:30 -------- d-----w- c:\program files\RescuePRO Deluxe
2012-01-11 11:17 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:17 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:17 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:17 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-05 16:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 13:32 . 2012-01-06 13:32 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2012-01-06 13:32 . 2012-01-06 13:32 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2012-01-06 13:32 . 2012-01-06 13:32 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2011-11-30 17:33 . 2011-11-30 17:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 15:39 . 2011-12-21 17:34 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-11-29 15:38 . 2011-11-29 15:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-11-29 15:38 . 2011-11-29 15:38 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-11-29 15:38 . 2011-11-29 15:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-11-29 15:38 . 2011-11-29 15:38 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-11-29 15:38 . 2011-11-29 15:38 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-11-29 15:38 . 2011-11-29 15:38 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-11-29 15:38 . 2011-11-29 15:38 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-11-29 15:38 . 2011-11-29 15:38 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-11-29 15:38 . 2011-11-29 15:38 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-11-29 15:38 . 2011-11-29 15:38 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-11-29 15:38 . 2011-11-29 15:38 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-11-29 15:38 . 2011-11-29 15:38 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-11-29 15:38 . 2011-11-29 15:38 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-11-29 15:38 . 2011-11-29 15:38 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-11-29 15:38 . 2011-11-29 15:38 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-11-29 15:38 . 2011-11-29 15:38 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-11-29 15:38 . 2011-11-29 15:38 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-11-29 15:38 . 2011-11-29 15:38 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-11-29 15:38 . 2011-11-29 15:38 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-11-29 15:38 . 2011-11-29 15:38 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-11-29 15:38 . 2011-11-29 15:38 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-11-29 15:38 . 2011-12-21 17:33 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-11-24 04:23 . 2011-12-14 19:38 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:50 . 2011-11-23 13:50 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-03 12:14 . 2011-11-17 23:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2010-02-18 106544]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"DeltTray"="DeltTray.exe" [2002-07-29 24576]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave7"=Digi32.dll
"MIDI6"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
2002-07-29 20:18 24576 ----a-w- c:\windows\System32\delttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive 8]
2009-03-31 14:21 141312 ----a-w- c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 8 application]
2010-02-04 11:42 289368 ----a-w- c:\program files\Mediafour\MacDrive 8\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2012-02-06 309320]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-01-17 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-08-11 16400]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 192512]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-03-11 160576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 302472]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-19 218688]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-12 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-13 115216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284eec60-1c26-11df-9626-1c4bd6285a3b}]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284eec66-1c26-11df-9626-1c4bd6285a3b}]
\shell\AutoRun\command - J:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f00fa8-51df-11df-99b7-4061864d35d2}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4430d990-e80b-11df-8a53-4061864d35d2}]
\shell\AutoRun\command - F:\AUTOSTARTER.EXE
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6674276b-1e41-11df-8a8f-806e6f6e6963}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72fad9d0-6129-11df-aae6-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{805ee4c4-7268-11df-a9d4-4061864d35d2}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c9a91c0-36a8-11e0-9528-4061864d35d2}]
\shell\AutoRun\command - G:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceea5db-1fed-11df-b340-4061864d35d2}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceea5e1-1fed-11df-b340-4061864d35d2}]
\shell\AutoRun\command - G:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad697231-828e-11df-93ad-806e6f6e6963}]
\shell\AutoRun\command - H:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73423ff-e5ae-11df-ba7a-4061864d35d2}]
\shell\AutoRun\command - F:\AUTOSTARTER.EXE
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebc80afe-044c-11e0-a519-4061864d35d2}]
\shell\AutoRun\command - M:\LaunchU3.exe -a
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\Bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\uoxvda4w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3882686505-2461736908-3790935052-1000\Software\SecuROM\License information*] "datasecu"=hex:ad,de,e5,18,6e,88,2a,c3,78,ad,37,7f,95,af,cc,a3,05,81,d7,bd,2e, 87,dd,7a,c7,97,0e,69,2a,19,7e,7f,83,57,51,1e,2a,8a,34,9f,4e,d0,c2,72,a5,4d,\ "rkeysecu"=hex:3f,9c,3c,21,51,97,f9,28,c8,cb,cc,9b,ea,38,4c,08 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1016) c:\users\Bumblebee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\conhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\windows\system32\PSIService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\sppsvc.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-02-07 18:03:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-02-07 17:03 . Vor Suchlauf: 11 Verzeichnis(se), 136'006'168'576 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 135'822'114'816 Bytes frei . - - End Of File - - 29493F7C553439D3DB6755230413E217 |
07.02.2012, 19:13 | #8
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess?
OK, have there been any improvements so far? Can you repair avast via Control Panel, Software?
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us
07.02.2012, 20:59 | #9
| Avast error 10050 - infection with Rootkit.Zeroaccess?
Hello again! On restart I still get error message 10050, "avast! can no longer protect your mail/messages". The internet connection still cannot be re-established either. I had Avast repaired via Control Panel. In the program itself the "Web Shield" category is still not active and cannot be reactivated. Everything as before so far... Best regards, Benkah
07.02.2012, 21:09 | #10
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess?
Which error message do you get when you try to connect to the internet? Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, choose skip for now, and post the log
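The scan requested above writes one record per driver ("<time> <pid> <name> (<md5>) <path>" followed by "<name> - ok", or by "<name> ( <threat> ) - infected/warning" and a "detected" line), and a forum paste usually collapses the whole log onto a single line. The following is an added example, not part of this thread and not Kaspersky's tool: a small Python parser that recovers the records from such a paste, pulls out every flagged driver with its hash and path, and labels what the helper would do with it after the "skip" first pass. The record format is TDSSKiller 2.7 as shown in this thread; the SYSTEM_DRIVER_DIR path and the action labels returned by recommend() are this example's own assumptions, and the SAMPLE_PASTE is a short excerpt of the log posted in this thread, collapsed onto one line the way the forum rendered it.

```python
import re
from dataclasses import dataclass

# Every TDSSKiller record starts with "HH:MM:SS.ffff <pid> ". A forum paste
# collapses the log onto one line, so records are recovered by splitting on that
# boundary (zero-width lookahead; needs Python 3.7+) rather than on newlines.
RECORD_START = re.compile(r"(?=\d\d:\d\d:\d\d\.\d{4}\s+\d+\s)")
# "<time> <pid> <service> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)")
# "<time> <pid> <service> ( <threat> ) - infected|warning|suspicious"
VERDICT_RE = re.compile(
    r"\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
    r"\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<verdict>\w+)")
FLAGGED = ("infected", "warning", "suspicious")

# Assumption for this example: drivers under this directory belong to Windows or
# to software the OS needs at boot, so an infected file there is cured (restored),
# never deleted.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Excerpt of the log posted in this thread, collapsed onto one line as the forum
# rendered it (the AFD entry is the ZeroAccess hit, Aspi32 an unsigned-driver warning).
SAMPLE_PASTE = (
    "21:24:55.0588 3208 AFD (ffdf38e0df346dce8a39c84026d308ae) C:\\Windows\\system32\\drivers\\afd.sys "
    "21:24:55.0588 3208 AFD ( Virus.Win32.ZAccess.l ) - infected "
    "21:24:55.0588 3208 AFD - detected Virus.Win32.ZAccess.l (0) "
    "21:24:55.0604 3208 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\\Windows\\system32\\DRIVERS\\agp440.sys "
    "21:24:55.0619 3208 agp440 - ok "
    "21:24:56.0150 3208 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\\Windows\\system32\\drivers\\Aspi32.sys "
    "21:24:56.0165 3208 Aspi32 ( UnsignedFile.Multi.Generic ) - warning "
    "21:24:56.0165 3208 Aspi32 - detected UnsignedFile.Multi.Generic (1)"
)


@dataclass
class Finding:
    service: str
    md5: str
    path: str
    threat: str
    verdict: str


def split_records(text):
    """Recover individual TDSSKiller records from newline-separated or collapsed text."""
    return [r.strip() for r in RECORD_START.split(text) if r.strip()]


def parse_tdsskiller(text):
    """Return one Finding per flagged service, joined with the md5/path record
    that TDSSKiller printed for that service just before the verdict."""
    last_seen = {}
    findings = []
    for rec in split_records(text):
        m = ENTRY_RE.fullmatch(rec)
        if m:
            last_seen[m["svc"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.fullmatch(rec)
        if m and m["verdict"] in FLAGGED:
            md5, path = last_seen.get(m["svc"], ("", ""))
            findings.append(Finding(m["svc"], md5, path, m["threat"], m["verdict"]))
    return findings


def recommend(f):
    """Action label for a finding (labels are this example's own convention)."""
    in_sysdir = f.path.lower().startswith(SYSTEM_DRIVER_DIR)
    if f.verdict == "infected" and in_sysdir:
        # ZeroAccess overwrites a legitimate driver in place (here afd.sys, the
        # WinSock ancillary function driver); the file must be restored, not removed.
        return "cure"
    if f.verdict == "infected":
        return "quarantine"
    # UnsignedFile.Multi.Generic only means the signature check failed; older
    # third-party drivers trip it routinely, so check vendor and path by hand.
    return "verify-manually"


def report(text):
    """(service, verdict, threat, action) for every flagged record in the paste."""
    return [(f.service, f.verdict, f.threat, recommend(f)) for f in parse_tdsskiller(text)]


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_PASTE):
        print(f"{f.service:12} {f.verdict:9} {f.threat:28} {f.md5}  {f.path}  -> {recommend(f)}")
```

Run it against a whole pasted log: `parse_tdsskiller(open("tdsskiller.log").read())` works on both the original line-per-record file and the collapsed forum copy, because the split keys on the timestamp/PID prefix rather than on newlines.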
07.02.2012, 21:34 | #11
| Avast error 10050 - infection with Rootkit.Zeroaccess?
Hello again, when connecting I get the message "Connectivity with AliceWlan is currently limited". With my laptop, however, I get onto the same network without any problem. I can't connect to another open network either. TDSSKiller found quite a few things. Here is the log:
21:24:14.0763 3440 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
21:24:14.0779 3440 ============================================================
21:24:14.0779 3440 Current date / time: 2012/02/07 21:24:14.0779
21:24:14.0779 3440 SystemInfo:
21:24:14.0779 3440
21:24:14.0779 3440 OS Version: 6.1.7600 ServicePack: 0.0
21:24:14.0779 3440 Product type: Workstation
21:24:14.0779 3440 ComputerName: BUMBLEBEE-PC
21:24:14.0779 3440 UserName: Bumblebee
21:24:14.0779 3440 Windows directory: C:\Windows
21:24:14.0779 3440 System windows directory: C:\Windows
21:24:14.0779 3440 Processor architecture: Intel x86
21:24:14.0779 3440 Number of processors: 4
21:24:14.0779 3440 Page size: 0x1000
21:24:14.0779 3440 Boot type: Normal boot
21:24:14.0779 3440 ============================================================
21:24:15.0699 3440 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:24:15.0699 3440 Drive \Device\Harddisk1\DR1 - Size: 0x3A38122C000 (3726.02 Gb), SectorSize: 0x200, Cylinders: 0x76C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:31.0424 3440 Drive \Device\Harddisk5\DR5 - Size: 0x74D00000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:31.0424 3440 \Device\Harddisk0\DR0:
21:24:31.0424 3440 MBR used
21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 
0x71CD2800 21:24:31.0424 3440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000 21:24:31.0424 3440 \Device\Harddisk1\DR1: 21:24:31.0424 3440 GPT used 21:24:31.0424 3440 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {90F38106-322D-4CEF-8B24-E25EFE048494}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000 21:24:31.0424 3440 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7CF25518-7A40-4D27-8C93-32A080559959}, Name: Basic data partition, StartLBA 0x64800, BlocksNum 0xD1BA4000 21:24:31.0424 3440 \Device\Harddisk5\DR5: 21:24:31.0424 3440 MBR used 21:24:31.0424 3440 \Device\Harddisk5\DR5\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3A67E0 21:24:31.0580 3440 Initialize success 21:24:31.0580 3440 ============================================================ 21:24:54.0403 3208 ============================================================ 21:24:54.0403 3208 Scan started 21:24:54.0403 3208 Mode: Manual; SigCheck; TDLFS; 21:24:54.0403 3208 ============================================================ 21:24:54.0902 3208 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 21:24:54.0995 3208 1394ohci - ok 21:24:55.0042 3208 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys 21:24:55.0089 3208 61883 - ok 21:24:55.0151 3208 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys 21:24:55.0214 3208 acedrv11 - ok 21:24:55.0261 3208 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 21:24:55.0276 3208 ACPI - ok 21:24:55.0323 3208 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 21:24:55.0354 3208 AcpiPmi - ok 21:24:55.0417 3208 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 21:24:55.0432 3208 adp94xx - ok 21:24:55.0463 3208 adpahci 
(0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 21:24:55.0479 3208 adpahci - ok 21:24:55.0495 3208 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 21:24:55.0510 3208 adpu320 - ok 21:24:55.0588 3208 AFD (ffdf38e0df346dce8a39c84026d308ae) C:\Windows\system32\drivers\afd.sys 21:24:55.0588 3208 AFD ( Virus.Win32.ZAccess.l ) - infected 21:24:55.0588 3208 AFD - detected Virus.Win32.ZAccess.l (0) 21:24:55.0604 3208 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 21:24:55.0619 3208 agp440 - ok 21:24:55.0651 3208 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 21:24:55.0666 3208 aic78xx - ok 21:24:55.0713 3208 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 21:24:55.0729 3208 aliide - ok 21:24:55.0744 3208 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 21:24:55.0744 3208 amdagp - ok 21:24:55.0760 3208 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 21:24:55.0775 3208 amdide - ok 21:24:55.0791 3208 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 21:24:55.0822 3208 AmdK8 - ok 21:24:55.0822 3208 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 21:24:55.0853 3208 AmdPPM - ok 21:24:55.0900 3208 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 21:24:55.0900 3208 amdsata - ok 21:24:55.0916 3208 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 21:24:55.0931 3208 amdsbs - ok 21:24:55.0963 3208 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 21:24:55.0978 3208 amdxata - ok 21:24:55.0978 3208 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 21:24:56.0009 3208 AppID - ok 21:24:56.0056 3208 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 
21:24:56.0072 3208 arc - ok 21:24:56.0072 3208 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 21:24:56.0087 3208 arcsas - ok 21:24:56.0150 3208 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys 21:24:56.0165 3208 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 21:24:56.0165 3208 Aspi32 - detected UnsignedFile.Multi.Generic (1) 21:24:56.0228 3208 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys 21:24:56.0259 3208 aswFsBlk - ok 21:24:56.0321 3208 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys 21:24:56.0353 3208 aswMonFlt - ok 21:24:56.0368 3208 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys 21:24:56.0399 3208 aswRdr - ok 21:24:56.0462 3208 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys 21:24:56.0509 3208 aswSnx - ok 21:24:56.0524 3208 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys 21:24:56.0571 3208 aswSP - ok 21:24:56.0587 3208 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys 21:24:56.0618 3208 aswTdi - ok 21:24:56.0633 3208 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 21:24:56.0680 3208 AsyncMac - ok 21:24:56.0727 3208 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 21:24:56.0727 3208 atapi - ok 21:24:56.0789 3208 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys 21:24:56.0836 3208 Avc - ok 21:24:56.0867 3208 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 21:24:56.0899 3208 b06bdrv - ok 21:24:56.0914 3208 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 21:24:56.0945 3208 b57nd60x - ok 21:24:56.0977 3208 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 21:24:57.0008 3208 Beep - ok 21:24:57.0055 3208 
blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 21:24:57.0070 3208 blbdrive - ok 21:24:57.0133 3208 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 21:24:57.0164 3208 bowser - ok 21:24:57.0179 3208 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:24:57.0211 3208 BrFiltLo - ok 21:24:57.0242 3208 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:24:57.0304 3208 BrFiltUp - ok 21:24:57.0351 3208 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 21:24:57.0398 3208 BridgeMP - ok 21:24:57.0413 3208 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 21:24:57.0445 3208 Brserid - ok 21:24:57.0460 3208 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 21:24:57.0507 3208 BrSerWdm - ok 21:24:57.0538 3208 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:24:57.0585 3208 BrUsbMdm - ok 21:24:57.0632 3208 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 21:24:57.0663 3208 BrUsbSer - ok 21:24:57.0679 3208 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 21:24:57.0694 3208 BTHMODEM - ok 21:24:57.0803 3208 catchme - ok 21:24:57.0850 3208 CBDisk (93c568904e116607df2389907a9d8899) C:\Windows\system32\drivers\CBDisk.sys 21:24:57.0913 3208 CBDisk - ok 21:24:57.0928 3208 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 21:24:57.0959 3208 cdfs - ok 21:24:58.0022 3208 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys 21:24:58.0037 3208 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 21:24:58.0037 3208 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 21:24:58.0084 3208 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 21:24:58.0115 3208 cdrom - ok 
21:24:58.0147 3208 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 21:24:58.0162 3208 circlass - ok 21:24:58.0209 3208 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 21:24:58.0225 3208 CLFS - ok 21:24:58.0287 3208 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 21:24:58.0303 3208 CmBatt - ok 21:24:58.0318 3208 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 21:24:58.0318 3208 cmdide - ok 21:24:58.0365 3208 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 21:24:58.0396 3208 CNG - ok 21:24:58.0412 3208 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 21:24:58.0427 3208 Compbatt - ok 21:24:58.0474 3208 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:24:58.0505 3208 CompositeBus - ok 21:24:58.0521 3208 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 21:24:58.0537 3208 crcdisk - ok 21:24:58.0599 3208 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\Windows\system32\drivers\cvintdrv.sys 21:24:58.0615 3208 cvintdrv ( UnsignedFile.Multi.Generic ) - warning 21:24:58.0615 3208 cvintdrv - detected UnsignedFile.Multi.Generic (1) 21:24:58.0677 3208 DELTA (68616be24b24114a0ef09ebead2456d0) C:\Windows\system32\drivers\delta.sys 21:24:58.0693 3208 DELTA ( UnsignedFile.Multi.Generic ) - warning 21:24:58.0693 3208 DELTA - detected UnsignedFile.Multi.Generic (1) 21:24:58.0739 3208 DELTAII (c5b7ac8d8a9237a2510a1092d19a5fa9) C:\Windows\system32\DRIVERS\MAudioDelta.sys 21:24:58.0771 3208 DELTAII - ok 21:24:58.0817 3208 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 21:24:58.0849 3208 DfsC - ok 21:24:58.0880 3208 dgderdrv - ok 21:24:58.0927 3208 DigiNet (e29c215c6d87966e20addcf18c542533) C:\Windows\system32\DRIVERS\diginet.sys 21:24:58.0958 3208 DigiNet - ok 21:24:58.0989 3208 discache 
(1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 21:24:59.0036 3208 discache - ok 21:24:59.0051 3208 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 21:24:59.0067 3208 Disk - ok 21:24:59.0098 3208 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 21:24:59.0129 3208 drmkaud - ok 21:24:59.0223 3208 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:24:59.0270 3208 dtsoftbus01 - ok 21:24:59.0441 3208 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 21:24:59.0473 3208 DXGKrnl - ok 21:24:59.0551 3208 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 21:24:59.0629 3208 ebdrv - ok 21:24:59.0660 3208 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 21:24:59.0691 3208 elxstor - ok 21:24:59.0707 3208 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 21:24:59.0738 3208 ErrDev - ok 21:24:59.0769 3208 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 21:24:59.0800 3208 exfat - ok 21:24:59.0831 3208 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 21:24:59.0863 3208 fastfat - ok 21:24:59.0878 3208 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 21:24:59.0894 3208 fdc - ok 21:24:59.0925 3208 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 21:24:59.0941 3208 FileInfo - ok 21:24:59.0956 3208 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 21:25:00.0019 3208 Filetrace - ok 21:25:00.0081 3208 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 21:25:00.0112 3208 flpydisk - ok 21:25:00.0143 3208 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 21:25:00.0159 3208 FltMgr - ok 21:25:00.0175 3208 FsDepends 
(1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 21:25:00.0190 3208 FsDepends - ok 21:25:00.0206 3208 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 21:25:00.0221 3208 Fs_Rec - ok 21:25:00.0268 3208 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 21:25:00.0299 3208 fvevol - ok 21:25:00.0315 3208 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:25:00.0331 3208 gagp30kx - ok 21:25:00.0393 3208 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\gearaspiwdm.sys 21:25:00.0409 3208 GearAspiWDM - ok 21:25:00.0424 3208 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 21:25:00.0440 3208 hcw85cir - ok 21:25:00.0471 3208 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 21:25:00.0502 3208 HdAudAddService - ok 21:25:00.0549 3208 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:25:00.0580 3208 HDAudBus - ok 21:25:00.0596 3208 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 21:25:00.0611 3208 HidBatt - ok 21:25:00.0627 3208 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 21:25:00.0674 3208 HidBth - ok 21:25:00.0689 3208 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 21:25:00.0705 3208 HidIr - ok 21:25:00.0752 3208 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 21:25:00.0783 3208 HidUsb - ok 21:25:00.0814 3208 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 21:25:00.0830 3208 HpSAMD - ok 21:25:00.0861 3208 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 21:25:00.0892 3208 HTTP - ok 21:25:00.0939 3208 hwdatacard - ok 21:25:00.0970 3208 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 
21:25:00.0986 3208 hwpolicy - ok 21:25:01.0033 3208 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 21:25:01.0048 3208 i8042prt - ok 21:25:01.0095 3208 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 21:25:01.0111 3208 iaStorV - ok 21:25:01.0142 3208 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 21:25:01.0157 3208 iirsp - ok 21:25:01.0251 3208 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys 21:25:01.0360 3208 IntcAzAudAddService - ok 21:25:01.0376 3208 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 21:25:01.0391 3208 intelide - ok 21:25:01.0423 3208 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 21:25:01.0438 3208 intelppm - ok 21:25:01.0469 3208 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:25:01.0501 3208 IpFilterDriver - ok 21:25:01.0532 3208 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:25:01.0563 3208 IPMIDRV - ok 21:25:01.0594 3208 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 21:25:01.0625 3208 IPNAT - ok 21:25:01.0672 3208 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 21:25:01.0688 3208 IRENUM - ok 21:25:01.0719 3208 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 21:25:01.0719 3208 isapnp - ok 21:25:01.0766 3208 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 21:25:01.0781 3208 iScsiPrt - ok 21:25:01.0813 3208 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:25:01.0828 3208 kbdclass - ok 21:25:01.0844 3208 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 21:25:01.0875 3208 kbdhid - ok 21:25:01.0953 3208 KMWDFILTERx86 
(4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 21:25:01.0984 3208 KMWDFILTERx86 - ok 21:25:02.0047 3208 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 21:25:02.0062 3208 KSecDD - ok 21:25:02.0093 3208 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 21:25:02.0109 3208 KSecPkg - ok 21:25:02.0156 3208 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 21:25:02.0203 3208 lltdio - ok 21:25:02.0249 3208 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:25:02.0265 3208 LSI_FC - ok 21:25:02.0281 3208 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:25:02.0296 3208 LSI_SAS - ok 21:25:02.0343 3208 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:25:02.0359 3208 LSI_SAS2 - ok 21:25:02.0374 3208 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:25:02.0390 3208 LSI_SCSI - ok 21:25:02.0437 3208 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 21:25:02.0468 3208 luafv - ok 21:25:02.0515 3208 massfilter - ok 21:25:02.0577 3208 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 21:25:02.0624 3208 MBAMProtector - ok 21:25:02.0686 3208 MDFSYSNT (2c70290d63eb639da23ed667b9ebdf84) C:\Windows\system32\drivers\MDFSYSNT.sys 21:25:02.0749 3208 MDFSYSNT - ok 21:25:02.0764 3208 MDPMGRNT (d94d2e968239ce7f01f2cfa503db57e1) C:\Windows\system32\drivers\MDPMGRNT.sys 21:25:02.0795 3208 MDPMGRNT - ok 21:25:02.0827 3208 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 21:25:02.0827 3208 megasas - ok 21:25:02.0858 3208 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 21:25:02.0873 3208 MegaSR - ok 21:25:02.0936 3208 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 
21:25:02.0998 3208 Modem - ok 21:25:03.0045 3208 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 21:25:03.0092 3208 monitor - ok 21:25:03.0123 3208 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 21:25:03.0139 3208 mouclass - ok 21:25:03.0185 3208 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 21:25:03.0217 3208 mouhid - ok 21:25:03.0248 3208 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 21:25:03.0263 3208 mountmgr - ok 21:25:03.0279 3208 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 21:25:03.0295 3208 mpio - ok 21:25:03.0326 3208 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 21:25:03.0357 3208 mpsdrv - ok 21:25:03.0388 3208 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 21:25:03.0419 3208 MRxDAV - ok 21:25:03.0497 3208 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:25:03.0529 3208 mrxsmb - ok 21:25:03.0575 3208 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:25:03.0607 3208 mrxsmb10 - ok 21:25:03.0653 3208 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:25:03.0669 3208 mrxsmb20 - ok 21:25:03.0685 3208 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 21:25:03.0700 3208 msahci - ok 21:25:03.0716 3208 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 21:25:03.0731 3208 msdsm - ok 21:25:03.0794 3208 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys 21:25:03.0841 3208 MSDV - ok 21:25:03.0856 3208 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 21:25:03.0887 3208 Msfs - ok 21:25:03.0903 3208 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 21:25:03.0950 3208 
mshidkmdf - ok 21:25:03.0981 3208 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 21:25:03.0997 3208 msisadrv - ok 21:25:04.0043 3208 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 21:25:04.0075 3208 MSKSSRV - ok 21:25:04.0090 3208 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 21:25:04.0121 3208 MSPCLOCK - ok 21:25:04.0153 3208 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 21:25:04.0184 3208 MSPQM - ok 21:25:04.0199 3208 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 21:25:04.0215 3208 MsRPC - ok 21:25:04.0246 3208 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 21:25:04.0246 3208 mssmbios - ok 21:25:04.0277 3208 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 21:25:04.0324 3208 MSTEE - ok 21:25:04.0355 3208 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 21:25:04.0371 3208 MTConfig - ok 21:25:04.0387 3208 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 21:25:04.0402 3208 Mup - ok 21:25:04.0480 3208 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 21:25:04.0511 3208 NativeWifiP - ok 21:25:04.0574 3208 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 21:25:04.0589 3208 NDIS - ok 21:25:04.0636 3208 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 21:25:04.0699 3208 NdisCap - ok 21:25:04.0745 3208 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 21:25:04.0761 3208 NdisTapi - ok 21:25:04.0808 3208 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 21:25:04.0839 3208 Ndisuio - ok 21:25:04.0855 3208 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 21:25:04.0886 3208 
============================================================
21:25:17.0709 2956 Detected object count: 7
21:25:17.0709 2956 Actual detected object count: 7
21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - skipped by user
21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - User select action: Skip
21:25:40.0625 2956 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0625 2956 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0625 2956 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:40.0641 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:25:40.0641 2956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:25:40.0641 2956 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:40.0641 2956 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
-----------------------------------------------------------------------
Then something else occurred to me that might be relevant: yesterday, through a hasty self-diagnosis, I found the following link. I imitated the last step that led this user to success (modifying the registry via a Notepad file). Surely a dumb move!? hxxp://www.help2go.com/forum/spyware-help/108481-same-error-turqoise-avast-10050-error-no-updates-no-firewall-unhandled-excep-2.html Thanks already for the great help so far!!! |
07.02.2012, 21:37 | #12 |
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess? Please select "cure" for all findings with ZAccess. Then restart and scan again. Then: do you use the system for online banking, shopping, other payment processing, or similarly important things, e.g. for work?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
07.02.2012, 22:00 | #13 |
| Avast error 10050 - infection with Rootkit.Zeroaccess? Hi! So, on restarting I got a bluescreen again. It may not be related to the actual problem, but I'll post the last 3 crash reports from BlueScreenView:
==================================================
Dump File : 020712-25958-01.dmp
Crash Time : 07.02.2012 21:38:50
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904fb
Parameter 2 : 0xc1be8388
Parameter 3 : 0xc1be7f60
Parameter 4 : 0xe44d4ee6
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+14251
File Description : NT-Dateisystemtreiber
Product Name : Betriebssystem Microsoft® Windows®
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+dce34
Stack Address 1 : Ntfs.sys+14251
Stack Address 2 : Ntfs.sys+deb48
Stack Address 3 : Ntfs.sys+dec19
Computer Name :
Full Path : C:\Windows\Minidump\020712-25958-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 153'960
==================================================
==================================================
Dump File : 020612-31012-01.dmp
Crash Time : 06.02.2012 13:49:13
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0xac11e650
Parameter 3 : 0xb2b919a0
Parameter 4 : 0xb2b91580
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+270
File Description : avast! self protection module
Product Name : avast! Antivirus System
Company : AVAST Software
File Version : 6.0.1289.0
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 : ntkrnlpa.exe+1a3744
Computer Name :
Full Path : C:\Windows\Minidump\020612-31012-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 160'784
==================================================
==================================================
Dump File : 020412-27346-01.dmp
Crash Time : 04.02.2012 18:30:19
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x000007c8
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xb0dce80a
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+99e602
File Description : NVIDIA Windows Kernel Mode Driver, Version 267.24
Product Name : NVIDIA Windows Kernel Mode Driver, Version 267.24
Company : NVIDIA Corporation
File Version : 8.17.12.6724
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4686b
Stack Address 1 : CLASSPNP.SYS+480a
Stack Address 2 : ntkrnlpa.exe+68c73
Stack Address 3 : storport.sys+29f8
Computer Name :
Full Path : C:\Windows\Minidump\020412-27346-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 158'760
==================================================
I had TDSSKiller cure the ZAccess, but after the restart it found it again. The end of the corresponding log:
21:49:23.0230 2860 Detected object count: 2
21:49:23.0230 2860 Actual detected object count: 2
21:49:35.0695 2860 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:49:39.0314 2860 Backup copy not found, trying to cure infected file..
21:49:39.0361 2860 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
21:49:39.0361 2860 C:\Windows\system32\drivers\afd.sys - processing error
21:49:41.0482 2860 AFD ( Virus.Win32.ZAccess.l ) - User select action: Cure
21:49:41.0482 2860 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:49:41.0482 2860 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
And yes: I use the computer for all such things as PayPal, online banking, eBay etc... Do I need to worry? |
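One way to triage the TDSSKiller findings from this post and from the earlier scan summary, as an added example that is neither the thread's tooling nor part of TDSSKiller: it parses the detection lines and the file lines of a cure attempt, separates named malware verdicts from the generic locked/unsigned-file heuristics, and lists the malware objects that were not cleanly cured. The sample log is constructed to mirror the posted format, and attaching file lines to objects by file basename (afd.sys to AFD) is an assumption of the example.

```python
"""Triage of TDSSKiller scan-log lines. Added example, not the thread's own
tooling and not part of TDSSKiller; the sample log is constructed to mirror
the format of the logs posted in the thread."""
import re

# Detection lines: "<time> <pid> <object> ( <verdict> ) - <action>"
DETECT_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<obj>\S+)\s+"
    r"\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+)$")
# File lines of a cure attempt: "<time> <pid> <path> - <result>"
FILE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<path>[A-Za-z]:\\\S+)\s+-\s+(?P<result>.+)$")

SAMPLE_LOG = "\n".join([  # constructed sample in TDSSKiller's line format
    r"21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - skipped by user",
    r"21:25:40.0625 2956 AFD ( Virus.Win32.ZAccess.l ) - User select action: Skip",
    r"21:25:40.0641 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user",
    r"21:25:40.0641 2956 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"21:49:35.0695 2860 C:\Windows\system32\drivers\afd.sys - copied to quarantine",
    r"21:49:39.0314 2860 Backup copy not found, trying to cure infected file..",
    r"21:49:39.0361 2860 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)",
    r"21:49:41.0482 2860 AFD ( Virus.Win32.ZAccess.l ) - User select action: Cure",
])


def parse_log(text):
    """Map object name -> {'verdict', 'actions', 'file_results'} in log order."""
    objects = {}
    file_lines = []
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            entry = objects.setdefault(
                m["obj"], {"verdict": m["verdict"], "actions": [], "file_results": []})
            entry["actions"].append(m["action"])
            continue
        m = FILE_RE.match(line)
        if m:
            file_lines.append((m["path"], m["result"]))
    # TDSSKiller's file lines do not name the object, so they are attached by
    # file basename (afd.sys -> AFD); this mapping is an assumption of the example.
    for path, result in file_lines:
        base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        for name, entry in objects.items():
            if name.lower() == base:
                entry["file_results"].append(result)
    return objects


def severity(verdict):
    """Named malware verdict vs. a generic heuristic (locked/unsigned file)."""
    return "suspicious" if verdict.endswith(".Multi.Generic") else "malware"


def status(entry):
    """Last recorded outcome for one object; 'cure requested' is not yet a cure."""
    if any(r.startswith("Cure failed") for r in entry["file_results"]):
        return "cure failed"
    last = entry["actions"][-1]
    if last.endswith("Cure"):
        return "cure requested"  # confirmed only by a clean rescan after reboot
    if last.endswith("Skip") or last == "skipped by user":
        return "skipped"
    return "unknown"


def triage(text):
    """(object, verdict, severity, status) for every detected object."""
    return [(n, e["verdict"], severity(e["verdict"]), status(e))
            for n, e in parse_log(text).items()]


def unresolved_malware(text):
    """Named-malware objects whose cure failed, was skipped or is unknown;
    a kernel driver the tool cannot repair leaves the system untrusted."""
    return [n for n, _, sev, st in triage(text)
            if sev == "malware" and st in ("cure failed", "skipped", "unknown")]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%-8s %-28s %-10s %s" % row)
    print("unresolved:", unresolved_malware(SAMPLE_LOG))
```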
08.02.2012, 12:59 | #14 |
/// Malware-holic | Avast error 10050 - infection with Rootkit.Zeroaccess? Hi, so, please call the bank immediately; online banking must be blocked. The PC must be reinstalled from scratch and then secured. 1. Data rescue:
4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then say something about securing online banking with a chip card reader + Star Money.
08.02.2012, 18:07 | #15 |
| Avast error 10050 - infection with Rootkit.Zeroaccess? Hello Markus, oh dear! Why do you think the last resort (reinstalling) is necessary in this case? Who or what gained access there? I am currently backing up all my data; unfortunately it takes a while with that amount. Online banking and passwords are now disabled or changed. I have a pre-built PC here with a Win7 recovery CD. I've never done this before, but I'll manage. Is there anything I need to watch out for? And: how do I secure my freshly reinstalled PC? Many thanks and kind regards, Benkah |