Log analysis and evaluation: Win32/Bublik.b Trojan removed - is my system clean again now? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.01.2012, 17:32 | #1

Hello, yesterday I cleverly executed an email attachment (exe) (mail subject: DHL Express Notification). Yes, I know you shouldn't do that, but in my haste I overlooked the exe :-(( On double-clicking I realised it and disconnected the computer from the network within about 3 minutes. On another computer I made two live CDs: Bitdefender and Windows Defender Offline. Bitdefender found nothing (great, because it also runs as Total Security 2012 on my system :-((( ); Windows Defender found and removed several trojans: Win32/Bublik.b was apparently hiding in the executed exe, and 3 more were in Thunderbird profile backups, but I have forgotten their names. The question now is whether that was all or whether more is hiding on my machine. I have attached the Defogger and OTL results.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:41 on 25/01/2012 (Rums)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Many thanks in advance!!!
25.01.2012, 20:19 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run a full scan with Malwarebytes as a matter of routine and post the log.

Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed. If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags if possible. It is done like this:
[code]
the log goes here
[/code]
And it then looks like this:
Code:
the log goes here
26.01.2012, 11:27 | #3

Hello Cosinus,

first of all, thanks for the quick reply! I ran everything and nothing more was found :-) Here are the results:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rums :: Rums [Administrator]

26.01.2012 07:17:55
mbam-log-2012-01-26 (07-17-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319084
Laufzeit: 36 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27e6e4f389fa6547ad66655c6e7d59e2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 09:12:22
# local_time=2012-01-26 10:12:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 5523460 79192853 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=137947
# found=0
# cleaned=0
# scan_time=6138
26.01.2012, 16:14 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

ESET and Malwarebytes didn't find anything more, after all!

Please always post log files in CODE tags
26.01.2012, 16:44 | #5

Hello Cosinus, they were found and removed with a Windows Defender live CD
Code:
ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2012/01/25 09:57:40:601 TID:836 PID:784
INFO 2012/01/25 09:57:40:601 TID:836 PID:784 Binary architecture is amd64
INFO 2012/01/25 09:57:40:616 TID:836 PID:784 UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000
INFO 2012/01/25 09:57:40:616 TID:836 PID:784 CheckProcessorArchitecture returned 0x00000000
INFO 2012/01/25 09:57:40:616 TID:836 PID:784 SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/01/25 09:57:40:616 TID:836 PID:784 GetSystemSweeperPath returned 0x00000000
INFO 2012/01/25 09:57:40:616 TID:836 PID:784 Windows Defender Offline Directory = 'x:\Program Files\Microsoft Security Client'
WARNING 2012/01/25 09:57:40:616 TID:836 PID:784 Missing definitions file in 'C:\mpam-fex64.exe'
WARNING 2012/01/25 09:57:40:616 TID:836 PID:784 Missing definitions file in 'D:\mpam-fex64.exe'
WARNING 2012/01/25 09:57:40:616 TID:836 PID:784 Missing definitions file in 'E:\mpam-fex64.exe'
WARNING 2012/01/25 09:57:40:632 TID:836 PID:784 Missing definitions file in 'F:\mpam-fex64.exe'
INFO 2012/01/25 09:57:40:632 TID:836 PID:784 Found definitions file in 'G:\mpam-fex64.exe'
INFO 2012/01/25 09:57:40:632 TID:836 PID:784 Signatures File Target = 'x:\Program Files\Microsoft Security Client\mpam-fe.exe'
INFO 2012/01/25 09:57:57:683 TID:836 PID:784 CopySignatureFile returned 0x00000000
INFO 2012/01/25 12:53:01:041 TID:836 PID:784 RunCallisto returned 0x00000000
FINISH 2012/01/25 12:53:01:041 TID:788 PID:784
START 2012/01/25 12:55:57:024 TID:840 PID:784
INFO 2012/01/25 12:55:57:024 TID:840 PID:784 Binary architecture is amd64
INFO 2012/01/25 12:55:57:055 TID:840 PID:784 UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000
INFO 2012/01/25 12:55:57:055 TID:840 PID:784 CheckProcessorArchitecture returned 0x00000000
INFO 2012/01/25 12:55:57:055 TID:840 PID:784 SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/01/25 12:55:57:055 TID:840 PID:784 GetSystemSweeperPath returned 0x00000000
INFO 2012/01/25 12:55:57:055 TID:840 PID:784

This is the log file I found for it.
26.01.2012, 17:16 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Unfortunately, that doesn't really show what was actually found.
26.01.2012, 17:36 | #7

Unfortunately I can't give you any more; the only name I had written down was this one: Win32/Bublik.B. Found in the mail attachment and in a Windows file. Could something still be running somewhere anyway? Or is the probability rather low after the scans? Is it advisable to buy Malwarebytes Pro and run it alongside Bitdefender Total Security, or will they get in each other's way? Questions upon questions ;-))
26.01.2012, 18:47 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log.

Please post everything here in CODE tags if possible. It is done like this:
[code]
the log goes here
[/code]
And it then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
27.01.2012, 11:02 | #9

Hello cosinus, here is the result:
Code:
OTL logfile created on: 27.01.2012 09:41:15 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,80% Memory free
15,95 Gb Paging File | 14,00 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,90 Gb Total Space | 21,52 Gb Free Space | 35,92% Space Free | Partition Type: NTFS
Drive D: | 171,90 Gb Total Space | 147,61 Gb Free Space | 85,87% Space Free | Partition Type: NTFS

Computer Name: Rums | User Name: Rums | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.25 15:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2011.08.24 14:42:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2009.12.15 17:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009.12.15 17:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.28 17:49:50 | 000,075,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011.12.28 17:49:46 | 001,950,448 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011.12.28 17:49:25 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.23 13:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.10.14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.09 15:05:39 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.02 15:42:22 | 000,685,192 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011.12.02 15:42:22 | 000,543,528 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011.12.02 15:42:21 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.29 15:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.05.15 15:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.02.12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2011.11.24 11:34:30 | 000,028,632 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\virtualdisk.sys -- (vrtldskdrv)
DRV - [2011.11.22 17:42:54 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.22 17:42:53 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.23 16:01:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 10:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.18 09:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]

[2011.11.21 22:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rums\AppData\Roaming\mozilla\Extensions
[2012.01.23 16:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:01:27 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.27 20:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.01.23 16:01:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.23 16:01:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.23 16:01:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.23 16:01:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.23 16:01:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.23 16:01:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCC4906-9D72-4113-87AC-B5DC70F4D7D0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume
shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.26 16:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.26 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Secunia PSI [2012.01.26 16:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.01.26 07:17:15 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\Malwarebytes [2012.01.25 18:57:57 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.01.25 18:57:40 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline [2012.01.25 16:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.25 16:58:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.13 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Jajuk [2012.01.13 13:42:09 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\inkscape [2012.01.13 13:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape [2012.01.13 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\ElevatedDiagnostics [2012.01.12 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Telekom [2012.01.12 13:44:51 | 000,216,856 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll [2012.01.12 13:44:51 | 000,187,672 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll [2012.01.12 13:44:51 | 000,155,416 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll [2012.01.12 13:44:51 | 000,139,032 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll [2012.01.12 13:44:50 | 000,318,152 | ---- | C] (EldoS Corporation) -- 
C:\Windows\SysNative\drivers\cbfs3.sys [2012.01.12 13:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom [2012.01.12 13:44:35 | 000,308,736 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\DTAG.Mediencenter.ShellExtension.dll [2012.01.12 13:44:32 | 003,897,744 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\Mediencenter_Uninstall.exe [2012.01.12 13:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom [2012.01.10 09:12:26 | 000,000,000 | ---D | C] -- C:\BDLOGS ========== Files - Modified Within 30 Days ========== [2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.27 09:34:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.27 09:34:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.27 09:34:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.27 09:34:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.27 09:34:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.27 09:29:48 | 000,324,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.27 09:29:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.27 09:29:23 | 2127,572,991 | -HS- | M] () -- C:\hiberfil.sys [2012.01.25 15:41:26 | 000,000,000 | ---- | M] () -- C:\Users\Rums\defogger_reenable [2012.01.25 14:02:35 | 000,000,269 | -H-- | M] () -- C:\bdr-conf [2012.01.18 09:39:38 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.01.13 13:46:06 | 000,000,765 | ---- | M] () -- C:\Users\Rums\.recently-used.xbel [2012.01.12 13:47:52 | 000,000,021 | ---- | M] () -- 
C:\Users\Rums\AppData\Local\mc.pixel.data [2012.01.12 13:44:46 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk [2012.01.12 13:44:46 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk [2012.01.09 13:29:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2011.12.28 11:00:43 | 000,001,528 | ---- | M] () -- C:\Users\Rums\Desktop\AudialsOne 9 USB starten.lnk ========== Files Created - No Company Name ========== [2012.01.26 16:07:38 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.01.25 15:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Rums\defogger_reenable [2012.01.18 09:39:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.01.13 13:46:06 | 000,000,765 | ---- | C] () -- C:\Users\Rums\.recently-used.xbel [2012.01.13 13:41:07 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [2012.01.12 13:47:51 | 000,000,021 | ---- | C] () -- C:\Users\Rums\AppData\Local\mc.pixel.data [2012.01.12 13:44:46 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk [2012.01.12 13:44:46 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk [2011.11.23 08:50:53 | 000,007,633 | ---- | C] () -- C:\Users\Rums\AppData\Local\Resmon.ResmonCfg [2011.11.22 00:04:59 | 000,416,926 | ---- | C] () -- C:\ProgramData\1321915346.bdinstall.bin [2011.11.21 22:10:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.21 22:10:29 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.11.21 22:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 
22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2009.12.15 17:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe [2009.12.15 17:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe [2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2009.02.22 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe [2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll [2008.10.30 
17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll [2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll ========== LOP Check ========== [2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender [2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape [2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware [2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5 [2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan [2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird [2009.07.14 06:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Adobe [2011.11.21 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\ATI [2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender [2011.11.21 21:49:04 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Identities [2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape [2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware [2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Macromedia [2012.01.26 07:17:15 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Media Center Programs [2011.11.29 15:29:33 | 000,000,000 | --SD | M] -- C:\Users\Rums\AppData\Roaming\Microsoft [2011.11.22 01:25:41 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Mozilla [2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5 [2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan [2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird < %APPDATA%\*.exe /s > [2011.11.29 15:29:33 | 000,088,102 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{10EBB586-D21E-60CA-0856-AA753EBE1F16}\ARPPRODUCTICON.exe [2011.12.28 11:00:42 | 000,188,478 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\AudialsOne_installer.exe [2011.12.28 11:00:42 | 000,230,164 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext.exe [2011.12.28 11:00:42 | 000,229,348 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_1.exe [2011.12.28 11:00:42 | 000,233,135 | R--- | M] () -- 
C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_2.exe [2011.12.28 11:00:41 | 000,014,534 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\SystemFolder_msiexec.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2011.10.14 22:57:26 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\lib\eventlog.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 
-- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll 
< MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
< End of report > |
27.01.2012, 12:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Bublik.b Trojan removed - is my system clean again now? Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
27.01.2012, 13:37 | #11 |
| Win32/Bublik.b Trojan removed - is my system clean again now? Here is the log from TDSS-Killer: Code:
ATTFilter 13:28:37.0488 5628 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27 13:28:39.0500 5628 ============================================================ 13:28:39.0500 5628 Current date / time: 2012/01/27 13:28:39.0500 13:28:39.0500 5628 SystemInfo: 13:28:39.0500 5628 13:28:39.0500 5628 OS Version: 6.1.7601 ServicePack: 1.0 13:28:39.0500 5628 Product type: Workstation 13:28:39.0500 5628 ComputerName: Rums 13:28:39.0500 5628 UserName: Rums 13:28:39.0500 5628 Windows directory: C:\Windows 13:28:39.0500 5628 System windows directory: C:\Windows 13:28:39.0500 5628 Running under WOW64 13:28:39.0500 5628 Processor architecture: Intel x64 13:28:39.0500 5628 Number of processors: 4 13:28:39.0500 5628 Page size: 0x1000 13:28:39.0500 5628 Boot type: Normal boot 13:28:39.0500 5628 ============================================================ 13:28:41.0981 5628 Drive \Device\Harddisk0\DR0 - Size: 0x39F98E0000 (231.90 Gb), SectorSize: 0x200, Cylinders: 0x7640, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:28:42.0059 5628 Initialize success 13:29:02.0542 3968 ============================================================ 13:29:02.0542 3968 Scan started 13:29:02.0542 3968 Mode: Manual; SigCheck; TDLFS; 13:29:02.0542 3968 ============================================================ 13:29:06.0005 3968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:29:06.0130 3968 1394ohci - ok 13:29:06.0176 3968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:29:06.0208 3968 ACPI - ok 13:29:06.0239 3968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:29:06.0332 3968 AcpiPmi - ok 13:29:06.0410 3968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 13:29:06.0442 3968 adp94xx - ok 13:29:06.0473 3968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 13:29:06.0488 3968 adpahci - ok 
13:29:06.0504 3968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 13:29:06.0504 3968 adpu320 - ok 13:29:06.0582 3968 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 13:29:06.0629 3968 AFD - ok 13:29:06.0691 3968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:29:06.0722 3968 agp440 - ok 13:29:06.0769 3968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:29:06.0800 3968 aliide - ok 13:29:06.0863 3968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:29:06.0894 3968 amdide - ok 13:29:06.0910 3968 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 13:29:07.0066 3968 amdiox64 - ok 13:29:07.0128 3968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 13:29:07.0190 3968 AmdK8 - ok 13:29:07.0424 3968 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys 13:29:07.0674 3968 amdkmdag - ok 13:29:07.0752 3968 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys 13:29:07.0799 3968 amdkmdap - ok 13:29:07.0861 3968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 13:29:07.0908 3968 AmdPPM - ok 13:29:07.0986 3968 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:29:08.0002 3968 amdsata - ok 13:29:08.0033 3968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 13:29:08.0064 3968 amdsbs - ok 13:29:08.0080 3968 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:29:08.0111 3968 amdxata - ok 13:29:08.0189 3968 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 13:29:08.0220 3968 AODDriver4.01 - ok 13:29:08.0298 3968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 
13:29:08.0360 3968 AppID - ok 13:29:08.0438 3968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 13:29:08.0454 3968 arc - ok 13:29:08.0470 3968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 13:29:08.0485 3968 arcsas - ok 13:29:08.0501 3968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:29:08.0610 3968 AsyncMac - ok 13:29:08.0688 3968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:29:08.0704 3968 atapi - ok 13:29:08.0797 3968 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys 13:29:08.0813 3968 AtiHDAudioService - ok 13:29:08.0875 3968 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys 13:29:08.0906 3968 AtiPcie - ok 13:29:09.0000 3968 avc3 (e275a45da5e9e6f043c47c245a9007aa) C:\Windows\system32\DRIVERS\avc3.sys 13:29:09.0031 3968 avc3 - ok 13:29:09.0094 3968 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys 13:29:09.0125 3968 avchv - ok 13:29:09.0203 3968 avckf (3c64d0e61572bfe2c5c2beb8cb850d5b) C:\Windows\system32\DRIVERS\avckf.sys 13:29:09.0250 3968 avckf - ok 13:29:09.0343 3968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 13:29:09.0390 3968 b06bdrv - ok 13:29:09.0468 3968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:29:09.0515 3968 b57nd60a - ok 13:29:09.0608 3968 BdfNdisf (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys 13:29:09.0624 3968 BdfNdisf - ok 13:29:09.0702 3968 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys 13:29:09.0733 3968 bdfsfltr - ok 13:29:09.0796 3968 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys 13:29:09.0811 3968 bdfwfpf - ok 13:29:10.0030 3968 bdsandbox 
(afda933f10d5b536b8713f119eba6912) C:\Windows\system32\drivers\bdsandbox.sys 13:29:10.0045 3968 bdsandbox - ok 13:29:10.0092 3968 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys 13:29:10.0123 3968 BDVEDISK - ok 13:29:10.0170 3968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:29:10.0248 3968 Beep - ok 13:29:10.0295 3968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:29:10.0326 3968 blbdrive - ok 13:29:10.0373 3968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:29:10.0420 3968 bowser - ok 13:29:10.0451 3968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:29:10.0529 3968 BrFiltLo - ok 13:29:10.0560 3968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:29:10.0607 3968 BrFiltUp - ok 13:29:10.0669 3968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:29:10.0716 3968 Brserid - ok 13:29:10.0794 3968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:29:10.0825 3968 BrSerWdm - ok 13:29:10.0903 3968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:29:10.0934 3968 BrUsbMdm - ok 13:29:11.0012 3968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:29:11.0044 3968 BrUsbSer - ok 13:29:11.0059 3968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 13:29:11.0090 3968 BTHMODEM - ok 13:29:11.0168 3968 cbfs3 (133aaf85c55d25766ffb7b1f0b85bb8f) C:\Windows\system32\drivers\cbfs3.sys 13:29:11.0200 3968 cbfs3 - ok 13:29:11.0231 3968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:29:11.0262 3968 cdfs - ok 13:29:11.0309 3968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 13:29:11.0356 3968 cdrom - ok 13:29:11.0434 3968 
circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 13:29:11.0496 3968 circlass - ok 13:29:11.0558 3968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:29:11.0605 3968 CLFS - ok 13:29:11.0668 3968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 13:29:11.0714 3968 CmBatt - ok 13:29:11.0730 3968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:29:11.0761 3968 cmdide - ok 13:29:11.0777 3968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 13:29:11.0808 3968 CNG - ok 13:29:11.0839 3968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 13:29:11.0855 3968 Compbatt - ok 13:29:11.0886 3968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 13:29:11.0933 3968 CompositeBus - ok 13:29:11.0980 3968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 13:29:11.0995 3968 crcdisk - ok 13:29:12.0073 3968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:29:12.0120 3968 DfsC - ok 13:29:12.0167 3968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:29:12.0229 3968 discache - ok 13:29:12.0276 3968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 13:29:12.0307 3968 Disk - ok 13:29:12.0338 3968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:29:12.0370 3968 drmkaud - ok 13:29:12.0385 3968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:29:12.0416 3968 DXGKrnl - ok 13:29:12.0494 3968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 13:29:12.0588 3968 ebdrv - ok 13:29:12.0682 3968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 13:29:12.0728 3968 elxstor - ok 13:29:12.0775 3968 ErrDev 
(34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:29:12.0806 3968 ErrDev - ok 13:29:12.0853 3968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:29:12.0916 3968 exfat - ok 13:29:12.0947 3968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:29:13.0025 3968 fastfat - ok 13:29:13.0087 3968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 13:29:13.0134 3968 fdc - ok 13:29:13.0196 3968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:29:13.0228 3968 FileInfo - ok 13:29:13.0243 3968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:29:13.0306 3968 Filetrace - ok 13:29:13.0352 3968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:29:13.0384 3968 flpydisk - ok 13:29:13.0430 3968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:29:13.0462 3968 FltMgr - ok 13:29:13.0493 3968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:29:13.0508 3968 FsDepends - ok 13:29:13.0540 3968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 13:29:13.0540 3968 Fs_Rec - ok 13:29:13.0586 3968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:29:13.0618 3968 fvevol - ok 13:29:13.0649 3968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:29:13.0664 3968 gagp30kx - ok 13:29:13.0680 3968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:29:13.0711 3968 hcw85cir - ok 13:29:13.0789 3968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 13:29:13.0836 3968 HdAudAddService - ok 13:29:13.0883 3968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 13:29:13.0930 3968 HDAudBus - ok 
13:29:13.0945 3968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 13:29:13.0976 3968 HidBatt - ok 13:29:14.0023 3968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 13:29:14.0070 3968 HidBth - ok 13:29:14.0070 3968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 13:29:14.0101 3968 HidIr - ok 13:29:14.0164 3968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 13:29:14.0195 3968 HidUsb - ok 13:29:14.0273 3968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 13:29:14.0288 3968 HpSAMD - ok 13:29:14.0335 3968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 13:29:14.0413 3968 HTTP - ok 13:29:14.0491 3968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 13:29:14.0507 3968 hwpolicy - ok 13:29:14.0538 3968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 13:29:14.0554 3968 i8042prt - ok 13:29:14.0600 3968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 13:29:14.0632 3968 iaStorV - ok 13:29:14.0694 3968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 13:29:14.0725 3968 iirsp - ok 13:29:14.0819 3968 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys 13:29:14.0850 3968 IntcAzAudAddService - ok 13:29:14.0881 3968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 13:29:14.0881 3968 intelide - ok 13:29:14.0912 3968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:29:14.0944 3968 intelppm - ok 13:29:15.0006 3968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:29:15.0068 3968 IpFilterDriver - ok 13:29:15.0131 3968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 
13:29:15.0162 3968 IPMIDRV - ok 13:29:15.0224 3968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 13:29:15.0287 3968 IPNAT - ok 13:29:15.0365 3968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 13:29:15.0427 3968 IRENUM - ok 13:29:15.0474 3968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 13:29:15.0505 3968 isapnp - ok 13:29:15.0521 3968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 13:29:15.0552 3968 iScsiPrt - ok 13:29:15.0583 3968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 13:29:15.0583 3968 kbdclass - ok 13:29:15.0661 3968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 13:29:15.0708 3968 kbdhid - ok 13:29:15.0724 3968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 13:29:15.0739 3968 KSecDD - ok 13:29:15.0786 3968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 13:29:15.0802 3968 KSecPkg - ok 13:29:15.0848 3968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 13:29:15.0911 3968 ksthunk - ok 13:29:15.0989 3968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 13:29:16.0036 3968 lltdio - ok 13:29:16.0067 3968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:29:16.0082 3968 LSI_FC - ok 13:29:16.0098 3968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:29:16.0114 3968 LSI_SAS - ok 13:29:16.0129 3968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:29:16.0145 3968 LSI_SAS2 - ok 13:29:16.0160 3968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:29:16.0192 3968 LSI_SCSI - ok 13:29:16.0457 3968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 
13:29:16.0535 3968 luafv - ok 13:29:16.0784 3968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 13:29:16.0816 3968 megasas - ok 13:29:16.0878 3968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 13:29:16.0909 3968 MegaSR - ok 13:29:16.0925 3968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 13:29:16.0972 3968 Modem - ok 13:29:17.0018 3968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 13:29:17.0050 3968 monitor - ok 13:29:17.0112 3968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 13:29:17.0128 3968 mouclass - ok 13:29:17.0159 3968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 13:29:17.0190 3968 mouhid - ok 13:29:17.0237 3968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 13:29:17.0252 3968 mountmgr - ok 13:29:17.0284 3968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 13:29:17.0299 3968 mpio - ok 13:29:17.0315 3968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 13:29:17.0346 3968 mpsdrv - ok 13:29:17.0377 3968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 13:29:17.0455 3968 MRxDAV - ok 13:29:17.0502 3968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:29:17.0564 3968 mrxsmb - ok 13:29:17.0627 3968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:29:17.0674 3968 mrxsmb10 - ok 13:29:17.0736 3968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:29:17.0767 3968 mrxsmb20 - ok 13:29:17.0798 3968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 13:29:17.0814 3968 msahci - ok 13:29:17.0845 3968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 13:29:17.0845 
3968 msdsm - ok 13:29:17.0876 3968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 13:29:17.0923 3968 Msfs - ok 13:29:17.0923 3968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 13:29:17.0986 3968 mshidkmdf - ok 13:29:18.0032 3968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 13:29:18.0064 3968 msisadrv - ok 13:29:18.0126 3968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 13:29:18.0188 3968 MSKSSRV - ok 13:29:18.0251 3968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 13:29:18.0313 3968 MSPCLOCK - ok 13:29:18.0391 3968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 13:29:18.0469 3968 MSPQM - ok 13:29:18.0532 3968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 13:29:18.0563 3968 MsRPC - ok 13:29:18.0594 3968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 13:29:18.0610 3968 mssmbios - ok 13:29:18.0656 3968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 13:29:18.0750 3968 MSTEE - ok 13:29:18.0750 3968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 13:29:18.0781 3968 MTConfig - ok 13:29:18.0859 3968 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 13:29:18.0875 3968 MTsensor - ok 13:29:18.0937 3968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 13:29:18.0953 3968 Mup - ok 13:29:19.0031 3968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 13:29:19.0093 3968 NativeWifiP - ok 13:29:19.0171 3968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 13:29:19.0234 3968 NDIS - ok 13:29:19.0296 3968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 13:29:19.0358 3968 NdisCap - 
ok 13:29:19.0390 3968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 13:29:19.0421 3968 NdisTapi - ok 13:29:19.0468 3968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 13:29:19.0530 3968 Ndisuio - ok 13:29:19.0592 3968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 13:29:19.0780 3968 NdisWan - ok 13:29:19.0842 3968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 13:29:19.0904 3968 NDProxy - ok 13:29:19.0967 3968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 13:29:20.0029 3968 NetBIOS - ok 13:29:20.0076 3968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 13:29:20.0107 3968 NetBT - ok 13:29:20.0232 3968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 13:29:20.0263 3968 nfrd960 - ok 13:29:20.0310 3968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 13:29:20.0357 3968 Npfs - ok 13:29:20.0388 3968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 13:29:20.0419 3968 nsiproxy - ok 13:29:20.0466 3968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 13:29:20.0528 3968 Ntfs - ok 13:29:20.0575 3968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 13:29:20.0638 3968 Null - ok 13:29:20.0700 3968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 13:29:20.0731 3968 nvraid - ok 13:29:20.0794 3968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 13:29:20.0825 3968 nvstor - ok 13:29:20.0856 3968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 13:29:20.0872 3968 nv_agp - ok 13:29:20.0903 3968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 13:29:20.0950 3968 ohci1394 - ok 13:29:21.0028 3968 
Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 13:29:21.0059 3968 Parport - ok 13:29:21.0090 3968 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 13:29:21.0106 3968 partmgr - ok 13:29:21.0152 3968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 13:29:21.0168 3968 pci - ok 13:29:21.0184 3968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 13:29:21.0199 3968 pciide - ok 13:29:21.0246 3968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 13:29:21.0277 3968 pcmcia - ok 13:29:21.0293 3968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 13:29:21.0308 3968 pcw - ok 13:29:21.0386 3968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 13:29:21.0464 3968 PEAUTH - ok 13:29:21.0558 3968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 13:29:21.0605 3968 PptpMiniport - ok 13:29:21.0636 3968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 13:29:21.0652 3968 Processor - ok 13:29:21.0714 3968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 13:29:21.0792 3968 Psched - ok 13:29:21.0932 3968 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 13:29:21.0948 3968 PSI - ok 13:29:22.0010 3968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:29:22.0088 3968 ql2300 - ok 13:29:22.0135 3968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:29:22.0166 3968 ql40xx - ok 13:29:22.0182 3968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:29:22.0229 3968 QWAVEdrv - ok 13:29:22.0244 3968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:29:22.0276 3968 RasAcd - ok 13:29:22.0322 3968 RasAgileVpn 
13:29:29.0202 3968 ============================================================ 13:29:29.0202 3968 Scan finished 13:29:29.0202 3968 ============================================================ 13:29:29.0218 4860 Detected object count: 0 13:29:29.0218 4860 Actual detected object count: 0 |
27.01.2012, 14:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Bublik.b Trojan removed - is my system clean again now? Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when one of the board's helpers (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
27.01.2012, 14:41 | #13 |
| Win32/Bublik.b Trojan removed - is my system clean again now? Here is the result: ComboFix logfile: Code:
ATTFilter ComboFix 12-01-27.01 - Rums 27.01.2012 14:20:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8167.6188 [GMT 1:00] ausgeführt von:: d:\downloads\ComboFix.exe AV: Bitdefender Virenschutz *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: Bitdefender Spyware-Schutz *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rums\ResourceReader.dll c:\windows\system32\java.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-27 bis 2012-01-27 )))))))))))))))))))))))))))))) . . 2012-01-27 13:24 . 2012-01-27 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-27 13:24 . 2012-01-27 13:27 -------- d-----w- c:\users\Rums\AppData\Local\temp 2012-01-26 15:14 . 2012-01-26 15:14 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-26 15:14 . 2012-01-26 15:14 -------- d-----w- c:\program files\Java 2012-01-26 15:07 . 2012-01-26 15:07 -------- d-----w- c:\users\Rums\AppData\Local\Secunia PSI 2012-01-26 15:07 . 2012-01-26 15:07 -------- d-----w- c:\program files (x86)\Secunia 2012-01-26 06:17 . 2012-01-26 06:17 -------- d-----w- c:\users\Rums\AppData\Roaming\Malwarebytes 2012-01-25 17:57 . 2012-01-25 20:56 -------- d-----w- c:\windows\Microsoft Antimalware 2012-01-25 17:57 . 2012-01-25 17:57 -------- d-----w- c:\windows\Windows Defender Offline 2012-01-25 15:58 . 2012-01-25 15:58 -------- d-----w- c:\users\Chef\AppData\Roaming\Malwarebytes 2012-01-25 15:58 . 2012-01-25 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-25 15:58 . 2012-01-25 15:58 -------- d-----w- c:\programdata\Malwarebytes 2012-01-25 15:58 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-24 14:59 . 
2012-01-24 14:59 -------- d-----w- c:\users\Chef\AppData\Roaming\QuickScan 2012-01-23 15:01 . 2012-01-23 15:01 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-01-23 15:01 . 2012-01-23 15:01 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-01-23 15:01 . 2012-01-23 15:01 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-01-23 15:01 . 2012-01-23 15:01 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-01-13 15:01 . 2012-01-13 15:01 -------- d-----w- c:\users\Chef\AppData\Roaming\inkscape 2012-01-13 13:04 . 2012-01-13 14:56 -------- d-----w- c:\users\Chef\.jajuk 2012-01-13 12:49 . 2012-01-13 13:02 -------- d-----w- c:\program files\Jajuk 2012-01-13 12:42 . 2012-01-13 12:42 -------- d-----w- c:\users\Rums\AppData\Roaming\inkscape 2012-01-13 12:35 . 2012-01-13 12:41 -------- d-----w- c:\program files (x86)\Inkscape 2012-01-13 10:25 . 2012-01-13 10:25 -------- d-----w- c:\users\Rums\AppData\Local\ElevatedDiagnostics 2012-01-12 12:52 . 2012-01-12 12:52 -------- d-----w- c:\users\Chef\AppData\Local\Telekom 2012-01-12 12:48 . 2012-01-12 12:48 -------- d-----w- c:\users\Rums\AppData\Local\Telekom 2012-01-12 12:44 . 2010-05-15 14:55 216856 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll 2012-01-12 12:44 . 2010-05-15 14:55 187672 ----a-w- c:\windows\system32\CbFsMntNtf3.dll 2012-01-12 12:44 . 2010-05-15 14:55 155416 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll 2012-01-12 12:44 . 2010-05-15 14:55 139032 ----a-w- c:\windows\system32\CbFsNetRdr3.dll 2012-01-12 12:44 . 2010-05-15 14:55 318152 ----a-w- c:\windows\system32\drivers\cbfs3.sys 2012-01-12 12:44 . 2011-11-23 12:02 308736 ----a-w- c:\windows\system32\DTAG.Mediencenter.ShellExtension.dll 2012-01-12 12:44 . 2011-11-23 12:03 3897744 ----a-w- c:\windows\system32\Mediencenter_Uninstall.exe 2012-01-12 12:44 . 2012-01-12 12:44 -------- d-----w- c:\program files\Telekom 2012-01-11 13:58 . 
2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 13:58 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 13:58 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 13:58 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 13:58 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 13:58 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 13:58 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 13:58 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-10 08:12 . 2012-01-10 08:12 -------- d-----w- C:\BDLOGS 2011-12-31 10:34 . 2011-12-31 10:34 -------- d-----w- c:\users\Chef\AppData\Roaming\elsterformular . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-12 18:18 . 2011-12-12 18:18 4771184 ----a-w- c:\windows\SysWow64\LxXtreme100.dll 2011-12-12 18:18 . 2011-12-12 18:18 104304 ----a-w- c:\windows\SysWow64\LxUISettingsN100.dll 2011-12-12 18:18 . 2011-12-12 18:18 25968 ----a-w- c:\windows\SysWow64\LxTPSW100.dll 2011-12-12 18:18 . 2011-12-12 18:18 1334640 ----a-w- c:\windows\SysWow64\LxTool100.dll 2011-12-12 18:18 . 2011-12-12 18:18 63344 ----a-w- c:\windows\SysWow64\LxPXTree100.dll 2011-12-12 18:18 . 2011-12-12 18:18 111472 ----a-w- c:\windows\SysWow64\LxODBC100.dll 2011-12-12 18:18 . 2011-12-12 18:18 127344 ----a-w- c:\windows\SysWow64\LxMail100.dll 2011-12-12 18:18 . 2011-12-12 18:18 200048 ----a-w- c:\windows\SysWow64\LxDBAL100.dll 2011-12-12 18:18 . 2011-12-12 18:18 76656 ----a-w- c:\windows\SysWow64\LxDAO100.dll 2011-12-12 18:18 . 2011-12-12 18:18 49520 ----a-w- c:\windows\SysWow64\LXCurr100.dll 2011-12-12 18:18 . 2011-12-12 18:18 67952 ----a-w- c:\windows\SysWow64\LxCI12.dll 2011-12-12 18:18 . 2011-12-12 18:18 193904 ----a-w- c:\windows\SysWow64\LxBasics100.dll 2011-12-09 14:05 . 
2011-12-09 14:05 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2011-12-02 14:42 . 2011-10-21 13:40 685192 ----a-w- c:\windows\system32\drivers\avc3.sys 2011-12-02 14:42 . 2011-09-01 09:15 543528 ----a-w- c:\windows\system32\drivers\avckf.sys 2011-12-02 14:42 . 2011-07-15 14:12 258736 ----a-w- c:\windows\system32\drivers\avchv.sys 2011-11-24 10:34 . 2011-11-24 10:34 28632 ----a-w- c:\windows\SysWow64\drivers\virtualdisk.sys 2011-11-24 04:52 . 2011-12-14 16:57 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-23 16:01 . 2011-11-23 16:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-23 13:22 . 2011-11-23 10:49 8398848 ----a-w- c:\users\Rums\PCPE_3.0.1.msi 2011-11-23 13:22 . 2011-11-23 10:49 8975736 ----a-w- c:\users\Rums\PCPE Setup.exe 2011-11-23 13:22 . 2011-11-23 10:49 626688 ----a-w- c:\users\Rums\msvcr80.dll 2011-11-23 13:22 . 2011-11-23 10:49 21880 ----a-w- c:\users\Rums\grm_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 21880 ----a-w- c:\users\Rums\fr_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 21368 ----a-w- c:\users\Rums\pt_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 21368 ----a-w- c:\users\Rums\it_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 21368 ----a-w- c:\users\Rums\es_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 21368 ----a-w- c:\users\Rums\en_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 20856 ----a-w- c:\users\Rums\ru_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 20344 ----a-w- c:\users\Rums\jp_res.dll 2011-11-23 13:22 . 2011-11-23 10:49 1079808 ----a-w- c:\users\Rums\mfc80u.dll 2011-11-23 10:00 . 2011-11-23 10:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-11-23 10:00 . 2011-11-23 10:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-11-23 10:00 . 2011-11-23 10:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-11-23 10:00 . 2011-11-23 10:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-11-23 10:00 . 
2011-11-23 10:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-11-23 10:00 . 2011-11-23 10:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-11-23 10:00 . 2011-11-23 10:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-11-23 10:00 . 2011-11-23 10:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-11-23 10:00 . 2011-11-23 10:00 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-11-23 10:00 . 2011-11-23 10:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-11-23 10:00 . 2011-11-23 10:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-11-23 10:00 . 2011-11-23 10:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-11-23 10:00 . 2011-11-23 10:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-11-23 10:00 . 2011-11-23 10:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-11-23 10:00 . 2011-11-23 10:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-11-23 10:00 . 2011-11-23 10:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-11-23 10:00 . 2011-11-23 10:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-11-23 10:00 . 2011-11-23 10:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-11-23 10:00 . 2011-11-23 10:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-11-23 10:00 . 2011-11-23 10:00 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-11-23 10:00 . 2011-11-23 10:00 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-11-23 10:00 . 2011-11-23 10:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-11-23 10:00 . 2011-11-23 10:00 222208 ----a-w- c:\windows\system32\msls31.dll 2011-11-23 10:00 . 2011-11-23 10:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-11-23 10:00 . 2011-11-23 10:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-11-23 10:00 . 2011-11-23 10:00 12288 ----a-w- c:\windows\system32\mshta.exe 2011-11-23 10:00 . 2011-11-23 10:00 114176 ----a-w- c:\windows\system32\admparse.dll 2011-11-23 10:00 . 
2011-11-23 10:00 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-11-23 10:00 . 2011-11-23 10:00 448512 ----a-w- c:\windows\system32\html.iec 2011-11-23 10:00 . 2011-11-23 10:00 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-11-23 10:00 . 2011-11-23 10:00 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-11-23 10:00 . 2011-11-23 10:00 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-23 10:00 . 2011-11-23 10:00 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-11-23 10:00 . 2011-11-23 10:00 160256 ----a-w- c:\windows\system32\wextract.exe 2011-11-23 08:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-11-23 08:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-11-22 17:07 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-11-22 16:42 . 2011-03-01 15:45 90192 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys 2011-11-22 07:53 . 2011-11-22 07:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-11-21 23:04 . 2011-11-21 23:04 416926 ----a-w- c:\programdata\1321915346.bdinstall.bin 2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll 2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2011-11-10 03:16 . 2011-05-25 03:07 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-11-10 03:15 . 2011-05-25 03:06 927232 ----a-w- c:\windows\system32\aticfx64.dll 2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe 2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-11-10 03:09 . 
2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll 2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-11-10 03:06 . 2011-11-10 03:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-11-10 02:51 . 2011-05-25 02:49 7405056 ----a-w- c:\windows\system32\atidxx64.dll 2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-11-10 02:40 . 2011-11-10 02:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll 2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll 2011-11-10 02:33 . 2011-05-25 02:39 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-11-10 02:29 . 2011-05-25 02:50 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2011-09-12 688648] R2 vrtldsksvc;Virtual Disk Service;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x] R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736] S0 
avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-22 90192] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-22 103504] S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984] S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880] S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2011-11-23 12800] S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2011-12-28 75384] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-12-28 62512] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - WS2IFSL . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2010-05-15 14:55 187672 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload] @="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}" [HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}] 2011-11-23 12:02 308736 ----a-w- c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1] @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}] 2011-12-28 16:49 264344 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2] @="{342DAA0B-D796-460D-8566-901E08A1CCAD}" [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}] 2011-12-28 16:49 264344 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3] @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}] 2011-12-28 16:49 264344 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4] @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}" [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}] 2011-12-28 16:49 264344 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-12-28 1063136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Rums\AppData\Roaming\Mozilla\Firefox\Profiles\zae4ipwu.default\ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe c:\windows\SysWOW64\WinMsgBalloonServer.exe c:\windows\SysWOW64\WinMsgBalloonClient.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-01-27 14:31:47 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-01-27 13:31 . Vor Suchlauf: 12 Verzeichnis(se), 22.986.141.696 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 22.948.012.032 Bytes frei . - - End Of File - - EB199B7DFD635FD42728ADBF7DA765BB |
27.01.2012, 15:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Bublik.b Trojan removed - is my system clean again now? Please download aswMBR.exe and save the file to your desktop.
27.01.2012, 15:57 | #15 |
| Win32/Bublik.b Trojan removed - is my system clean again now? Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 15:50:40
-----------------------------
15:50:40.392 OS Version: Windows x64 6.1.7601 Service Pack 1
15:50:40.392 Number of processors: 4 586 0x102
15:50:40.392 ComputerName: Rums UserName:
15:50:41.733 Initialize success
15:51:16.205 AVAST engine download error: 0
15:52:39.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
15:52:39.232 Disk 0 Vendor: AMD_____ 1.10 Size: 237464MB BusType: 8
15:52:39.247 Disk 0 MBR read successfully
15:52:39.247 Disk 0 MBR scan
15:52:39.247 Disk 0 Windows 7 default MBR code
15:52:39.263 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:52:39.263 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 61339 MB offset 206848
15:52:39.294 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 176023 MB offset 125829120
15:52:39.294 Service scanning
15:52:40.402 Modules scanning
15:52:40.402 Disk 0 trace - called modules:
15:52:40.417 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
15:52:40.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a53060]
15:52:40.433 3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> \Device\00000055[0xfffffa800787c9c0]
15:52:40.449 Scan finished successfully
15:53:43.172 Disk 0 MBR has been saved successfully to "C:\Users\Rums\Desktop\MBR.dat"
15:53:43.172 The log file has been saved successfully to "C:\Users\Rums\Desktop\aswMBR.txt" |