Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?

Rums · 25.01.2012, 17:32

Hallo,
gestern hab ich klugerweise einen Mail Anhang (exe) ausgeführt (Mail Betreff: DHL Express Notification). Ja ich weiß, sollte man nicht machen, hab aber im Brass exe überlesen!-(( Beim Doppelklick wurde es mir aber bewußt und ich hab den Rechner innerhalb von ca. 3 Minuten vom Netz getrennt. Mit einem anderen Rechner hab ich mir 2 Live CDs gemacht: Bitdefender und Windows Defender Offline. Bitdefender hat nichts gefunden (Begeisterung läuft nämlich auch als Total Security 2012 auf meinem System:-((( - Windows Defender hat mehrere Trojaner gefunden und entfernt: Win32/Bublik.b versteckte sich scheinbar in der ausgeführten exe und 3 weitere waren in Profilsicherungen von Thunderbird, die Namen hab ich allerdings vergessen.

Die Frage ist jetzt, war das alles oder versteckt sich bei mir noch mehr?

Defogger und OTL Ergebnisse habe ich angehängt.

Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:41 on 25/01/2012 (Rums)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Vielen Dank schon mal im Voraus!!!

cosinus · 25.01.2012, 20:19

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Rums · 26.01.2012, 11:27

Hallo Cosinus,

erst mal Danke für die schnelle Antwort! Ich habe alles durchlaufen lassen und es wurde nichts mehr gefunden!-) Hier sind die Ergebnisse:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rums :: Rums [Administrator]

26.01.2012 07:17:55
mbam-log-2012-01-26 (07-17-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319084
Laufzeit: 36 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27e6e4f389fa6547ad66655c6e7d59e2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 09:12:22
# local_time=2012-01-26 10:12:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 5523460 79192853 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=137947
# found=0
# cleaned=0
# scan_time=6138

cosinus · 26.01.2012, 16:14

Zitat:

Win32/Bublik.b Trojaner entfernt

Wie genau wurde der entfernt? Logs dazu?
ESET und Malwarebytes haben ja nichts mehr gefunden!

Rums · 26.01.2012, 16:44

Hallo Cosinus,

gefunden und entfernt wurden sie mit einer Windows Defender live cd

Code:

ATTFilter

ERRORS_ONLY=0
MAX_SIZE=5120                            
APPEND=1
MAX_LINE_SIZE=256                             
-------------------------------------------------
START	2012/01/25 09:57:40:601 TID:836 PID:784

INFO	2012/01/25 09:57:40:601 TID:836 PID:784
Binary architecture is amd64

INFO	2012/01/25 09:57:40:616 TID:836 PID:784
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO	2012/01/25 09:57:40:616 TID:836 PID:784
CheckProcessorArchitecture returned 0x00000000

INFO	2012/01/25 09:57:40:616 TID:836 PID:784
SetRecoveryEnvironmentKey returned 0x00000000

INFO	2012/01/25 09:57:40:616 TID:836 PID:784
GetSystemSweeperPath returned 0x00000000

INFO	2012/01/25 09:57:40:616 TID:836 PID:784
Windows Defender Offline Directory = 'x:\Program Files\Microsoft Security Client'

WARNING	2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING	2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING	2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING	2012/01/25 09:57:40:632 TID:836 PID:784
Missing definitions file in 'F:\mpam-fex64.exe'

INFO	2012/01/25 09:57:40:632 TID:836 PID:784
Found definitions file in 'G:\mpam-fex64.exe'

INFO	2012/01/25 09:57:40:632 TID:836 PID:784
Signatures File Target = 'x:\Program Files\Microsoft Security Client\mpam-fe.exe'

INFO	2012/01/25 09:57:57:683 TID:836 PID:784
CopySignatureFile returned 0x00000000

INFO	2012/01/25 12:53:01:041 TID:836 PID:784
RunCallisto returned 0x00000000

FINISH	2012/01/25 12:53:01:041 TID:788 PID:784


START	2012/01/25 12:55:57:024 TID:840 PID:784

INFO	2012/01/25 12:55:57:024 TID:840 PID:784
Binary architecture is amd64

INFO	2012/01/25 12:55:57:055 TID:840 PID:784
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO	2012/01/25 12:55:57:055 TID:840 PID:784
CheckProcessorArchitecture returned 0x00000000

INFO	2012/01/25 12:55:57:055 TID:840 PID:784
SetRecoveryEnvironmentKey returned 0x00000000

INFO	2012/01/25 12:55:57:055 TID:840 PID:784
GetSystemSweeperPath returned 0x00000000

INFO	2012/01/25 12:55:57:055 TID:840 PID:784

Diese Logdatei habe ich dazu gefunden.

cosinus · 26.01.2012, 17:16

Da geht leider nicht wirklich raus hervor, was denn nun gefunden wurde

Rums · 26.01.2012, 17:36

Ich kann dir leider nicht mehr liefern, den einzigen Namen den ich mir aufgeschrieben hatte war dieser: Win32/Bublik.B.
Gefunden in dem Mail Anhang und in einer Windows Datei.

Kann denn trotzdem noch was irgendwo laufen? Oder ist die Wahrscheinlichkeit nach den Scans eher gering? Ist es zu empfehlen Malewarebytes Pro zu kaufen und neben Bitdefender Total Security laufen zu lassen, oder behindern die sich dann gegenseitig? Fragen über Fragen?-))

cosinus · 26.01.2012, 18:47

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Rums · 27.01.2012, 11:02

Hallo cosinus,

hier ist das Ergebnis:

Code:

ATTFilter

OTL logfile created on: 27.01.2012 09:41:15 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,80% Memory free
15,95 Gb Paging File | 14,00 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,90 Gb Total Space | 21,52 Gb Free Space | 35,92% Space Free | Partition Type: NTFS
Drive D: | 171,90 Gb Total Space | 147,61 Gb Free Space | 85,87% Space Free | Partition Type: NTFS
 
Computer Name: Rums | User Name: Rums | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.25 15:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2011.08.24 14:42:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2009.12.15 17:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009.12.15 17:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.28 17:49:50 | 000,075,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011.12.28 17:49:46 | 001,950,448 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011.12.28 17:49:25 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.23 13:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.10.14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 15:05:39 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.02 15:42:22 | 000,685,192 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011.12.02 15:42:22 | 000,543,528 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011.12.02 15:42:21 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.29 15:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.05.15 15:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.02.12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2011.11.24 11:34:30 | 000,028,632 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\virtualdisk.sys -- (vrtldskdrv)
DRV - [2011.11.22 17:42:54 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.22 17:42:53 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.23 16:01:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 10:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.18 09:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]
 
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rums\AppData\Roaming\mozilla\Extensions
[2012.01.23 16:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:01:27 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.27 20:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.01.23 16:01:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.23 16:01:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.23 16:01:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.23 16:01:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.23 16:01:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.23 16:01:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCC4906-9D72-4113-87AC-B5DC70F4D7D0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 16:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.26 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Secunia PSI
[2012.01.26 16:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.01.26 07:17:15 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\Malwarebytes
[2012.01.25 18:57:57 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.01.25 18:57:40 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012.01.25 16:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.25 16:58:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Jajuk
[2012.01.13 13:42:09 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\inkscape
[2012.01.13 13:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.01.13 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\ElevatedDiagnostics
[2012.01.12 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Telekom
[2012.01.12 13:44:51 | 000,216,856 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2012.01.12 13:44:51 | 000,187,672 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2012.01.12 13:44:51 | 000,155,416 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2012.01.12 13:44:51 | 000,139,032 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2012.01.12 13:44:50 | 000,318,152 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2012.01.12 13:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom
[2012.01.12 13:44:35 | 000,308,736 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\DTAG.Mediencenter.ShellExtension.dll
[2012.01.12 13:44:32 | 003,897,744 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\Mediencenter_Uninstall.exe
[2012.01.12 13:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom
[2012.01.10 09:12:26 | 000,000,000 | ---D | C] -- C:\BDLOGS
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 09:34:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 09:34:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.27 09:34:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 09:34:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.27 09:34:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 09:29:48 | 000,324,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.27 09:29:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 09:29:23 | 2127,572,991 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.25 15:41:26 | 000,000,000 | ---- | M] () -- C:\Users\Rums\defogger_reenable
[2012.01.25 14:02:35 | 000,000,269 | -H-- | M] () -- C:\bdr-conf
[2012.01.18 09:39:38 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.13 13:46:06 | 000,000,765 | ---- | M] () -- C:\Users\Rums\.recently-used.xbel
[2012.01.12 13:47:52 | 000,000,021 | ---- | M] () -- C:\Users\Rums\AppData\Local\mc.pixel.data
[2012.01.12 13:44:46 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.01.12 13:44:46 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2012.01.09 13:29:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011.12.28 11:00:43 | 000,001,528 | ---- | M] () -- C:\Users\Rums\Desktop\AudialsOne 9 USB starten.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.26 16:07:38 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.01.25 15:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Rums\defogger_reenable
[2012.01.18 09:39:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.13 13:46:06 | 000,000,765 | ---- | C] () -- C:\Users\Rums\.recently-used.xbel
[2012.01.13 13:41:07 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.01.12 13:47:51 | 000,000,021 | ---- | C] () -- C:\Users\Rums\AppData\Local\mc.pixel.data
[2012.01.12 13:44:46 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.01.12 13:44:46 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2011.11.23 08:50:53 | 000,007,633 | ---- | C] () -- C:\Users\Rums\AppData\Local\Resmon.ResmonCfg
[2011.11.22 00:04:59 | 000,416,926 | ---- | C] () -- C:\ProgramData\1321915346.bdinstall.bin
[2011.11.21 22:10:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.21 22:10:29 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.11.21 22:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2009.12.15 17:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009.12.15 17:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.22 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll
[2008.10.30 17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
 
========== LOP Check ==========
 
[2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender
[2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape
[2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware
[2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5
[2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird
[2009.07.14 06:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Adobe
[2011.11.21 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\ATI
[2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender
[2011.11.21 21:49:04 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Identities
[2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape
[2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware
[2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Macromedia
[2012.01.26 07:17:15 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Media Center Programs
[2011.11.29 15:29:33 | 000,000,000 | --SD | M] -- C:\Users\Rums\AppData\Roaming\Microsoft
[2011.11.22 01:25:41 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Mozilla
[2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5
[2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird
 
< %APPDATA%\*.exe /s >
[2011.11.29 15:29:33 | 000,088,102 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{10EBB586-D21E-60CA-0856-AA753EBE1F16}\ARPPRODUCTICON.exe
[2011.12.28 11:00:42 | 000,188,478 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\AudialsOne_installer.exe
[2011.12.28 11:00:42 | 000,230,164 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext.exe
[2011.12.28 11:00:42 | 000,229,348 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_1.exe
[2011.12.28 11:00:42 | 000,233,135 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_2.exe
[2011.12.28 11:00:41 | 000,014,534 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\SystemFolder_msiexec.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011.10.14 22:57:26 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 27.01.2012, 12:53

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Rums · 27.01.2012, 13:37

Hier das Log vom TDSS-Killer:

Code:

ATTFilter

13:28:37.0488 5628	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:28:39.0500 5628	============================================================
13:28:39.0500 5628	Current date / time: 2012/01/27 13:28:39.0500
13:28:39.0500 5628	SystemInfo:
13:28:39.0500 5628	
13:28:39.0500 5628	OS Version: 6.1.7601 ServicePack: 1.0
13:28:39.0500 5628	Product type: Workstation
13:28:39.0500 5628	ComputerName: Rums
13:28:39.0500 5628	UserName: Rums
13:28:39.0500 5628	Windows directory: C:\Windows
13:28:39.0500 5628	System windows directory: C:\Windows
13:28:39.0500 5628	Running under WOW64
13:28:39.0500 5628	Processor architecture: Intel x64
13:28:39.0500 5628	Number of processors: 4
13:28:39.0500 5628	Page size: 0x1000
13:28:39.0500 5628	Boot type: Normal boot
13:28:39.0500 5628	============================================================
13:28:41.0981 5628	Drive \Device\Harddisk0\DR0 - Size: 0x39F98E0000 (231.90 Gb), SectorSize: 0x200, Cylinders: 0x7640, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:28:42.0059 5628	Initialize success
13:29:02.0542 3968	============================================================
13:29:02.0542 3968	Scan started
13:29:02.0542 3968	Mode: Manual; SigCheck; TDLFS; 
13:29:02.0542 3968	============================================================
13:29:06.0005 3968	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:29:06.0130 3968	1394ohci - ok
13:29:06.0176 3968	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:29:06.0208 3968	ACPI - ok
13:29:06.0239 3968	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:29:06.0332 3968	AcpiPmi - ok
13:29:06.0410 3968	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:29:06.0442 3968	adp94xx - ok
13:29:06.0473 3968	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:29:06.0488 3968	adpahci - ok
13:29:06.0504 3968	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:29:06.0504 3968	adpu320 - ok
13:29:06.0582 3968	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:29:06.0629 3968	AFD - ok
13:29:06.0691 3968	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:29:06.0722 3968	agp440 - ok
13:29:06.0769 3968	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:29:06.0800 3968	aliide - ok
13:29:06.0863 3968	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:29:06.0894 3968	amdide - ok
13:29:06.0910 3968	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:29:07.0066 3968	amdiox64 - ok
13:29:07.0128 3968	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:29:07.0190 3968	AmdK8 - ok
13:29:07.0424 3968	amdkmdag        (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
13:29:07.0674 3968	amdkmdag - ok
13:29:07.0752 3968	amdkmdap        (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
13:29:07.0799 3968	amdkmdap - ok
13:29:07.0861 3968	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:29:07.0908 3968	AmdPPM - ok
13:29:07.0986 3968	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:29:08.0002 3968	amdsata - ok
13:29:08.0033 3968	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:29:08.0064 3968	amdsbs - ok
13:29:08.0080 3968	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:29:08.0111 3968	amdxata - ok
13:29:08.0189 3968	AODDriver4.01   (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:29:08.0220 3968	AODDriver4.01 - ok
13:29:08.0298 3968	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:29:08.0360 3968	AppID - ok
13:29:08.0438 3968	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:29:08.0454 3968	arc - ok
13:29:08.0470 3968	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:29:08.0485 3968	arcsas - ok
13:29:08.0501 3968	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:29:08.0610 3968	AsyncMac - ok
13:29:08.0688 3968	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:29:08.0704 3968	atapi - ok
13:29:08.0797 3968	AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
13:29:08.0813 3968	AtiHDAudioService - ok
13:29:08.0875 3968	AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:29:08.0906 3968	AtiPcie - ok
13:29:09.0000 3968	avc3            (e275a45da5e9e6f043c47c245a9007aa) C:\Windows\system32\DRIVERS\avc3.sys
13:29:09.0031 3968	avc3 - ok
13:29:09.0094 3968	avchv           (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
13:29:09.0125 3968	avchv - ok
13:29:09.0203 3968	avckf           (3c64d0e61572bfe2c5c2beb8cb850d5b) C:\Windows\system32\DRIVERS\avckf.sys
13:29:09.0250 3968	avckf - ok
13:29:09.0343 3968	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:29:09.0390 3968	b06bdrv - ok
13:29:09.0468 3968	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:29:09.0515 3968	b57nd60a - ok
13:29:09.0608 3968	BdfNdisf        (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
13:29:09.0624 3968	BdfNdisf - ok
13:29:09.0702 3968	bdfsfltr        (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
13:29:09.0733 3968	bdfsfltr - ok
13:29:09.0796 3968	bdfwfpf         (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
13:29:09.0811 3968	bdfwfpf - ok
13:29:10.0030 3968	bdsandbox       (afda933f10d5b536b8713f119eba6912) C:\Windows\system32\drivers\bdsandbox.sys
13:29:10.0045 3968	bdsandbox - ok
13:29:10.0092 3968	BDVEDISK        (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
13:29:10.0123 3968	BDVEDISK - ok
13:29:10.0170 3968	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:29:10.0248 3968	Beep - ok
13:29:10.0295 3968	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:29:10.0326 3968	blbdrive - ok
13:29:10.0373 3968	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:29:10.0420 3968	bowser - ok
13:29:10.0451 3968	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:29:10.0529 3968	BrFiltLo - ok
13:29:10.0560 3968	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:29:10.0607 3968	BrFiltUp - ok
13:29:10.0669 3968	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:29:10.0716 3968	Brserid - ok
13:29:10.0794 3968	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:29:10.0825 3968	BrSerWdm - ok
13:29:10.0903 3968	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:29:10.0934 3968	BrUsbMdm - ok
13:29:11.0012 3968	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:29:11.0044 3968	BrUsbSer - ok
13:29:11.0059 3968	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:29:11.0090 3968	BTHMODEM - ok
13:29:11.0168 3968	cbfs3           (133aaf85c55d25766ffb7b1f0b85bb8f) C:\Windows\system32\drivers\cbfs3.sys
13:29:11.0200 3968	cbfs3 - ok
13:29:11.0231 3968	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:29:11.0262 3968	cdfs - ok
13:29:11.0309 3968	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:29:11.0356 3968	cdrom - ok
13:29:11.0434 3968	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:29:11.0496 3968	circlass - ok
13:29:11.0558 3968	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:29:11.0605 3968	CLFS - ok
13:29:11.0668 3968	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:29:11.0714 3968	CmBatt - ok
13:29:11.0730 3968	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:29:11.0761 3968	cmdide - ok
13:29:11.0777 3968	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:29:11.0808 3968	CNG - ok
13:29:11.0839 3968	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:29:11.0855 3968	Compbatt - ok
13:29:11.0886 3968	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:29:11.0933 3968	CompositeBus - ok
13:29:11.0980 3968	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:29:11.0995 3968	crcdisk - ok
13:29:12.0073 3968	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:29:12.0120 3968	DfsC - ok
13:29:12.0167 3968	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:29:12.0229 3968	discache - ok
13:29:12.0276 3968	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:29:12.0307 3968	Disk - ok
13:29:12.0338 3968	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:29:12.0370 3968	drmkaud - ok
13:29:12.0385 3968	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:29:12.0416 3968	DXGKrnl - ok
13:29:12.0494 3968	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:29:12.0588 3968	ebdrv - ok
13:29:12.0682 3968	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:29:12.0728 3968	elxstor - ok
13:29:12.0775 3968	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:29:12.0806 3968	ErrDev - ok
13:29:12.0853 3968	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:29:12.0916 3968	exfat - ok
13:29:12.0947 3968	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:29:13.0025 3968	fastfat - ok
13:29:13.0087 3968	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:29:13.0134 3968	fdc - ok
13:29:13.0196 3968	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:29:13.0228 3968	FileInfo - ok
13:29:13.0243 3968	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:29:13.0306 3968	Filetrace - ok
13:29:13.0352 3968	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:29:13.0384 3968	flpydisk - ok
13:29:13.0430 3968	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:29:13.0462 3968	FltMgr - ok
13:29:13.0493 3968	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:29:13.0508 3968	FsDepends - ok
13:29:13.0540 3968	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:29:13.0540 3968	Fs_Rec - ok
13:29:13.0586 3968	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:29:13.0618 3968	fvevol - ok
13:29:13.0649 3968	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:29:13.0664 3968	gagp30kx - ok
13:29:13.0680 3968	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:29:13.0711 3968	hcw85cir - ok
13:29:13.0789 3968	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:29:13.0836 3968	HdAudAddService - ok
13:29:13.0883 3968	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:29:13.0930 3968	HDAudBus - ok
13:29:13.0945 3968	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:29:13.0976 3968	HidBatt - ok
13:29:14.0023 3968	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:29:14.0070 3968	HidBth - ok
13:29:14.0070 3968	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:29:14.0101 3968	HidIr - ok
13:29:14.0164 3968	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:29:14.0195 3968	HidUsb - ok
13:29:14.0273 3968	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:29:14.0288 3968	HpSAMD - ok
13:29:14.0335 3968	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:29:14.0413 3968	HTTP - ok
13:29:14.0491 3968	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:29:14.0507 3968	hwpolicy - ok
13:29:14.0538 3968	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:29:14.0554 3968	i8042prt - ok
13:29:14.0600 3968	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:29:14.0632 3968	iaStorV - ok
13:29:14.0694 3968	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:29:14.0725 3968	iirsp - ok
13:29:14.0819 3968	IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
13:29:14.0850 3968	IntcAzAudAddService - ok
13:29:14.0881 3968	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:29:14.0881 3968	intelide - ok
13:29:14.0912 3968	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:29:14.0944 3968	intelppm - ok
13:29:15.0006 3968	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:15.0068 3968	IpFilterDriver - ok
13:29:15.0131 3968	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:29:15.0162 3968	IPMIDRV - ok
13:29:15.0224 3968	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:29:15.0287 3968	IPNAT - ok
13:29:15.0365 3968	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:29:15.0427 3968	IRENUM - ok
13:29:15.0474 3968	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:29:15.0505 3968	isapnp - ok
13:29:15.0521 3968	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:29:15.0552 3968	iScsiPrt - ok
13:29:15.0583 3968	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:29:15.0583 3968	kbdclass - ok
13:29:15.0661 3968	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:29:15.0708 3968	kbdhid - ok
13:29:15.0724 3968	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:29:15.0739 3968	KSecDD - ok
13:29:15.0786 3968	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:29:15.0802 3968	KSecPkg - ok
13:29:15.0848 3968	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:29:15.0911 3968	ksthunk - ok
13:29:15.0989 3968	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:29:16.0036 3968	lltdio - ok
13:29:16.0067 3968	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:29:16.0082 3968	LSI_FC - ok
13:29:16.0098 3968	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:29:16.0114 3968	LSI_SAS - ok
13:29:16.0129 3968	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:29:16.0145 3968	LSI_SAS2 - ok
13:29:16.0160 3968	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:29:16.0192 3968	LSI_SCSI - ok
13:29:16.0457 3968	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:29:16.0535 3968	luafv - ok
13:29:16.0784 3968	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:29:16.0816 3968	megasas - ok
13:29:16.0878 3968	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:29:16.0909 3968	MegaSR - ok
13:29:16.0925 3968	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:29:16.0972 3968	Modem - ok
13:29:17.0018 3968	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:29:17.0050 3968	monitor - ok
13:29:17.0112 3968	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:29:17.0128 3968	mouclass - ok
13:29:17.0159 3968	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:29:17.0190 3968	mouhid - ok
13:29:17.0237 3968	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:29:17.0252 3968	mountmgr - ok
13:29:17.0284 3968	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:29:17.0299 3968	mpio - ok
13:29:17.0315 3968	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:29:17.0346 3968	mpsdrv - ok
13:29:17.0377 3968	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:29:17.0455 3968	MRxDAV - ok
13:29:17.0502 3968	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:17.0564 3968	mrxsmb - ok
13:29:17.0627 3968	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:17.0674 3968	mrxsmb10 - ok
13:29:17.0736 3968	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:17.0767 3968	mrxsmb20 - ok
13:29:17.0798 3968	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:29:17.0814 3968	msahci - ok
13:29:17.0845 3968	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:29:17.0845 3968	msdsm - ok
13:29:17.0876 3968	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:29:17.0923 3968	Msfs - ok
13:29:17.0923 3968	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:29:17.0986 3968	mshidkmdf - ok
13:29:18.0032 3968	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:29:18.0064 3968	msisadrv - ok
13:29:18.0126 3968	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:29:18.0188 3968	MSKSSRV - ok
13:29:18.0251 3968	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:18.0313 3968	MSPCLOCK - ok
13:29:18.0391 3968	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:29:18.0469 3968	MSPQM - ok
13:29:18.0532 3968	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:29:18.0563 3968	MsRPC - ok
13:29:18.0594 3968	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:29:18.0610 3968	mssmbios - ok
13:29:18.0656 3968	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:29:18.0750 3968	MSTEE - ok
13:29:18.0750 3968	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:29:18.0781 3968	MTConfig - ok
13:29:18.0859 3968	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
13:29:18.0875 3968	MTsensor - ok
13:29:18.0937 3968	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:29:18.0953 3968	Mup - ok
13:29:19.0031 3968	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:29:19.0093 3968	NativeWifiP - ok
13:29:19.0171 3968	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:29:19.0234 3968	NDIS - ok
13:29:19.0296 3968	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:29:19.0358 3968	NdisCap - ok
13:29:19.0390 3968	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:19.0421 3968	NdisTapi - ok
13:29:19.0468 3968	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:19.0530 3968	Ndisuio - ok
13:29:19.0592 3968	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:19.0780 3968	NdisWan - ok
13:29:19.0842 3968	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:29:19.0904 3968	NDProxy - ok
13:29:19.0967 3968	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:29:20.0029 3968	NetBIOS - ok
13:29:20.0076 3968	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:29:20.0107 3968	NetBT - ok
13:29:20.0232 3968	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:29:20.0263 3968	nfrd960 - ok
13:29:20.0310 3968	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:29:20.0357 3968	Npfs - ok
13:29:20.0388 3968	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:29:20.0419 3968	nsiproxy - ok
13:29:20.0466 3968	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:29:20.0528 3968	Ntfs - ok
13:29:20.0575 3968	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:29:20.0638 3968	Null - ok
13:29:20.0700 3968	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:29:20.0731 3968	nvraid - ok
13:29:20.0794 3968	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:29:20.0825 3968	nvstor - ok
13:29:20.0856 3968	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:29:20.0872 3968	nv_agp - ok
13:29:20.0903 3968	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:29:20.0950 3968	ohci1394 - ok
13:29:21.0028 3968	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:29:21.0059 3968	Parport - ok
13:29:21.0090 3968	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:29:21.0106 3968	partmgr - ok
13:29:21.0152 3968	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:29:21.0168 3968	pci - ok
13:29:21.0184 3968	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:29:21.0199 3968	pciide - ok
13:29:21.0246 3968	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:29:21.0277 3968	pcmcia - ok
13:29:21.0293 3968	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:29:21.0308 3968	pcw - ok
13:29:21.0386 3968	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:29:21.0464 3968	PEAUTH - ok
13:29:21.0558 3968	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:21.0605 3968	PptpMiniport - ok
13:29:21.0636 3968	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:29:21.0652 3968	Processor - ok
13:29:21.0714 3968	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:29:21.0792 3968	Psched - ok
13:29:21.0932 3968	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
13:29:21.0948 3968	PSI - ok
13:29:22.0010 3968	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:29:22.0088 3968	ql2300 - ok
13:29:22.0135 3968	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:29:22.0166 3968	ql40xx - ok
13:29:22.0182 3968	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:29:22.0229 3968	QWAVEdrv - ok
13:29:22.0244 3968	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:29:22.0276 3968	RasAcd - ok
13:29:22.0322 3968	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:29:22.0354 3968	RasAgileVpn - ok
13:29:22.0385 3968	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:22.0432 3968	Rasl2tp - ok
13:29:22.0494 3968	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:22.0572 3968	RasPppoe - ok
13:29:22.0634 3968	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:29:22.0712 3968	RasSstp - ok
13:29:22.0728 3968	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:29:22.0775 3968	rdbss - ok
13:29:22.0790 3968	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:29:22.0822 3968	rdpbus - ok
13:29:22.0837 3968	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:22.0884 3968	RDPCDD - ok
13:29:22.0946 3968	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:29:23.0009 3968	RDPENCDD - ok
13:29:23.0009 3968	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:29:23.0040 3968	RDPREFMP - ok
13:29:23.0087 3968	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:29:23.0134 3968	RDPWD - ok
13:29:23.0196 3968	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:29:23.0212 3968	rdyboost - ok
13:29:23.0258 3968	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:29:23.0305 3968	rspndr - ok
13:29:23.0399 3968	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:29:23.0430 3968	RTL8167 - ok
13:29:23.0524 3968	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:29:23.0524 3968	sbp2port - ok
13:29:23.0555 3968	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:29:23.0602 3968	scfilter - ok
13:29:23.0648 3968	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:29:23.0680 3968	secdrv - ok
13:29:23.0758 3968	Ser2pl          (2cd118925f9cdf665f7c08aecd8177ef) C:\Windows\system32\DRIVERS\ser2pl64.sys
13:29:23.0804 3968	Ser2pl - ok
13:29:23.0820 3968	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:29:23.0851 3968	Serenum - ok
13:29:23.0898 3968	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:29:23.0929 3968	Serial - ok
13:29:23.0945 3968	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:29:23.0976 3968	sermouse - ok
13:29:23.0992 3968	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:29:24.0038 3968	sffdisk - ok
13:29:24.0085 3968	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:29:24.0116 3968	sffp_mmc - ok
13:29:24.0132 3968	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:29:24.0148 3968	sffp_sd - ok
13:29:24.0163 3968	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:29:24.0194 3968	sfloppy - ok
13:29:24.0257 3968	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:29:24.0288 3968	SiSRaid2 - ok
13:29:24.0304 3968	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:29:24.0319 3968	SiSRaid4 - ok
13:29:24.0335 3968	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:29:24.0397 3968	Smb - ok
13:29:24.0460 3968	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:29:24.0491 3968	spldr - ok
13:29:24.0522 3968	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:29:24.0569 3968	srv - ok
13:29:24.0647 3968	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:29:24.0678 3968	srv2 - ok
13:29:24.0694 3968	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:29:24.0725 3968	srvnet - ok
13:29:24.0818 3968	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:29:24.0850 3968	stexstor - ok
13:29:24.0881 3968	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:29:24.0896 3968	swenum - ok
13:29:24.0974 3968	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:29:25.0052 3968	Tcpip - ok
13:29:25.0146 3968	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:29:25.0193 3968	TCPIP6 - ok
13:29:25.0208 3968	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:29:25.0255 3968	tcpipreg - ok
13:29:25.0286 3968	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:29:25.0333 3968	TDPIPE - ok
13:29:25.0380 3968	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:29:25.0411 3968	TDTCP - ok
13:29:25.0442 3968	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:29:25.0520 3968	tdx - ok
13:29:25.0536 3968	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:29:25.0552 3968	TermDD - ok
13:29:25.0645 3968	truecrypt       (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
13:29:25.0661 3968	truecrypt - ok
13:29:25.0692 3968	trufos          (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
13:29:25.0708 3968	trufos - ok
13:29:25.0770 3968	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:29:25.0832 3968	tssecsrv - ok
13:29:25.0910 3968	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:29:25.0942 3968	TsUsbFlt - ok
13:29:26.0020 3968	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:29:26.0082 3968	tunnel - ok
13:29:26.0144 3968	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:29:26.0160 3968	uagp35 - ok
13:29:26.0176 3968	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:29:26.0222 3968	udfs - ok
13:29:26.0254 3968	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:29:26.0254 3968	uliagpkx - ok
13:29:26.0316 3968	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:29:26.0347 3968	umbus - ok
13:29:26.0394 3968	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:29:26.0425 3968	UmPass - ok
13:29:26.0472 3968	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
13:29:26.0519 3968	usbccgp - ok
13:29:26.0534 3968	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:29:26.0581 3968	usbcir - ok
13:29:26.0597 3968	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:29:26.0612 3968	usbehci - ok
13:29:26.0690 3968	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:29:26.0706 3968	usbhub - ok
13:29:26.0722 3968	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:29:26.0753 3968	usbohci - ok
13:29:26.0800 3968	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:29:26.0831 3968	usbprint - ok
13:29:26.0924 3968	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:29:27.0002 3968	USBSTOR - ok
13:29:27.0221 3968	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:29:27.0268 3968	usbuhci - ok
13:29:27.0424 3968	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:29:27.0439 3968	vdrvroot - ok
13:29:27.0502 3968	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:29:27.0533 3968	vga - ok
13:29:27.0548 3968	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:29:27.0611 3968	VgaSave - ok
13:29:27.0673 3968	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:29:27.0704 3968	vhdmp - ok
13:29:27.0751 3968	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:29:27.0767 3968	viaide - ok
13:29:27.0782 3968	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:29:27.0814 3968	volmgr - ok
13:29:27.0860 3968	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:29:27.0892 3968	volmgrx - ok
13:29:27.0923 3968	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:29:27.0938 3968	volsnap - ok
13:29:27.0985 3968	vrtldskdrv - ok
13:29:28.0110 3968	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:29:28.0141 3968	vsmraid - ok
13:29:28.0157 3968	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:29:28.0188 3968	vwifibus - ok
13:29:28.0204 3968	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:29:28.0219 3968	WacomPen - ok
13:29:28.0282 3968	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:28.0328 3968	WANARP - ok
13:29:28.0328 3968	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:28.0360 3968	Wanarpv6 - ok
13:29:28.0438 3968	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:29:28.0453 3968	Wd - ok
13:29:28.0484 3968	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:29:28.0531 3968	Wdf01000 - ok
13:29:28.0625 3968	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:29:28.0672 3968	WfpLwf - ok
13:29:28.0687 3968	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:29:28.0687 3968	WIMMount - ok
13:29:28.0781 3968	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:29:28.0812 3968	WmiAcpi - ok
13:29:28.0890 3968	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:29:28.0937 3968	ws2ifsl - ok
13:29:28.0968 3968	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:29:29.0015 3968	WudfPf - ok
13:29:29.0030 3968	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:29:29.0077 3968	WUDFRd - ok
13:29:29.0108 3968	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:29:29.0171 3968	\Device\Harddisk0\DR0 - ok
13:29:29.0171 3968	Boot (0x1200)   (cb3aab7997e7a36ba3eb363299b5decf) \Device\Harddisk0\DR0\Partition0
13:29:29.0171 3968	\Device\Harddisk0\DR0\Partition0 - ok
13:29:29.0186 3968	Boot (0x1200)   (092b7a00dc2790e4f5c5ecedc454184f) \Device\Harddisk0\DR0\Partition1
13:29:29.0186 3968	\Device\Harddisk0\DR0\Partition1 - ok
13:29:29.0202 3968	Boot (0x1200)   (9ad33df95a7b8b9d3cde9feb07604938) \Device\Harddisk0\DR0\Partition2
13:29:29.0202 3968	\Device\Harddisk0\DR0\Partition2 - ok
13:29:29.0202 3968	============================================================
13:29:29.0202 3968	Scan finished
13:29:29.0202 3968	============================================================
13:29:29.0218 4860	Detected object count: 0
13:29:29.0218 4860	Actual detected object count: 0

cosinus · 27.01.2012, 14:01

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Rums · 27.01.2012, 14:41

Hier das Ergebnis:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-27.01 - Rums 27.01.2012  14:20:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8167.6188 [GMT 1:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rums\ResourceReader.dll
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-27 bis 2012-01-27  ))))))))))))))))))))))))))))))
.
.
2012-01-27 13:24 . 2012-01-27 13:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-27 13:24 . 2012-01-27 13:27	--------	d-----w-	c:\users\Rums\AppData\Local\temp
2012-01-26 15:14 . 2012-01-26 15:14	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-26 15:14 . 2012-01-26 15:14	--------	d-----w-	c:\program files\Java
2012-01-26 15:07 . 2012-01-26 15:07	--------	d-----w-	c:\users\Rums\AppData\Local\Secunia PSI
2012-01-26 15:07 . 2012-01-26 15:07	--------	d-----w-	c:\program files (x86)\Secunia
2012-01-26 06:17 . 2012-01-26 06:17	--------	d-----w-	c:\users\Rums\AppData\Roaming\Malwarebytes
2012-01-25 17:57 . 2012-01-25 20:56	--------	d-----w-	c:\windows\Microsoft Antimalware
2012-01-25 17:57 . 2012-01-25 17:57	--------	d-----w-	c:\windows\Windows Defender Offline
2012-01-25 15:58 . 2012-01-25 15:58	--------	d-----w-	c:\users\Chef\AppData\Roaming\Malwarebytes
2012-01-25 15:58 . 2012-01-25 15:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 15:58 . 2012-01-25 15:58	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 15:58 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-24 14:59 . 2012-01-24 14:59	--------	d-----w-	c:\users\Chef\AppData\Roaming\QuickScan
2012-01-23 15:01 . 2012-01-23 15:01	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-23 15:01 . 2012-01-23 15:01	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-23 15:01 . 2012-01-23 15:01	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-23 15:01 . 2012-01-23 15:01	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-13 15:01 . 2012-01-13 15:01	--------	d-----w-	c:\users\Chef\AppData\Roaming\inkscape
2012-01-13 13:04 . 2012-01-13 14:56	--------	d-----w-	c:\users\Chef\.jajuk
2012-01-13 12:49 . 2012-01-13 13:02	--------	d-----w-	c:\program files\Jajuk
2012-01-13 12:42 . 2012-01-13 12:42	--------	d-----w-	c:\users\Rums\AppData\Roaming\inkscape
2012-01-13 12:35 . 2012-01-13 12:41	--------	d-----w-	c:\program files (x86)\Inkscape
2012-01-13 10:25 . 2012-01-13 10:25	--------	d-----w-	c:\users\Rums\AppData\Local\ElevatedDiagnostics
2012-01-12 12:52 . 2012-01-12 12:52	--------	d-----w-	c:\users\Chef\AppData\Local\Telekom
2012-01-12 12:48 . 2012-01-12 12:48	--------	d-----w-	c:\users\Rums\AppData\Local\Telekom
2012-01-12 12:44 . 2010-05-15 14:55	216856	----a-w-	c:\windows\SysWow64\CbFsNetRdr3.dll
2012-01-12 12:44 . 2010-05-15 14:55	187672	----a-w-	c:\windows\system32\CbFsMntNtf3.dll
2012-01-12 12:44 . 2010-05-15 14:55	155416	----a-w-	c:\windows\SysWow64\CbFsMntNtf3.dll
2012-01-12 12:44 . 2010-05-15 14:55	139032	----a-w-	c:\windows\system32\CbFsNetRdr3.dll
2012-01-12 12:44 . 2010-05-15 14:55	318152	----a-w-	c:\windows\system32\drivers\cbfs3.sys
2012-01-12 12:44 . 2011-11-23 12:02	308736	----a-w-	c:\windows\system32\DTAG.Mediencenter.ShellExtension.dll
2012-01-12 12:44 . 2011-11-23 12:03	3897744	----a-w-	c:\windows\system32\Mediencenter_Uninstall.exe
2012-01-12 12:44 . 2012-01-12 12:44	--------	d-----w-	c:\program files\Telekom
2012-01-11 13:58 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 13:58 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 13:58 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 13:58 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 13:58 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 13:58 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 13:58 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 13:58 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-10 08:12 . 2012-01-10 08:12	--------	d-----w-	C:\BDLOGS
2011-12-31 10:34 . 2011-12-31 10:34	--------	d-----w-	c:\users\Chef\AppData\Roaming\elsterformular
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 18:18 . 2011-12-12 18:18	4771184	----a-w-	c:\windows\SysWow64\LxXtreme100.dll
2011-12-12 18:18 . 2011-12-12 18:18	104304	----a-w-	c:\windows\SysWow64\LxUISettingsN100.dll
2011-12-12 18:18 . 2011-12-12 18:18	25968	----a-w-	c:\windows\SysWow64\LxTPSW100.dll
2011-12-12 18:18 . 2011-12-12 18:18	1334640	----a-w-	c:\windows\SysWow64\LxTool100.dll
2011-12-12 18:18 . 2011-12-12 18:18	63344	----a-w-	c:\windows\SysWow64\LxPXTree100.dll
2011-12-12 18:18 . 2011-12-12 18:18	111472	----a-w-	c:\windows\SysWow64\LxODBC100.dll
2011-12-12 18:18 . 2011-12-12 18:18	127344	----a-w-	c:\windows\SysWow64\LxMail100.dll
2011-12-12 18:18 . 2011-12-12 18:18	200048	----a-w-	c:\windows\SysWow64\LxDBAL100.dll
2011-12-12 18:18 . 2011-12-12 18:18	76656	----a-w-	c:\windows\SysWow64\LxDAO100.dll
2011-12-12 18:18 . 2011-12-12 18:18	49520	----a-w-	c:\windows\SysWow64\LXCurr100.dll
2011-12-12 18:18 . 2011-12-12 18:18	67952	----a-w-	c:\windows\SysWow64\LxCI12.dll
2011-12-12 18:18 . 2011-12-12 18:18	193904	----a-w-	c:\windows\SysWow64\LxBasics100.dll
2011-12-09 14:05 . 2011-12-09 14:05	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-12-02 14:42 . 2011-10-21 13:40	685192	----a-w-	c:\windows\system32\drivers\avc3.sys
2011-12-02 14:42 . 2011-09-01 09:15	543528	----a-w-	c:\windows\system32\drivers\avckf.sys
2011-12-02 14:42 . 2011-07-15 14:12	258736	----a-w-	c:\windows\system32\drivers\avchv.sys
2011-11-24 10:34 . 2011-11-24 10:34	28632	----a-w-	c:\windows\SysWow64\drivers\virtualdisk.sys
2011-11-24 04:52 . 2011-12-14 16:57	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-23 16:01 . 2011-11-23 16:01	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:22 . 2011-11-23 10:49	8398848	----a-w-	c:\users\Rums\PCPE_3.0.1.msi
2011-11-23 13:22 . 2011-11-23 10:49	8975736	----a-w-	c:\users\Rums\PCPE Setup.exe
2011-11-23 13:22 . 2011-11-23 10:49	626688	----a-w-	c:\users\Rums\msvcr80.dll
2011-11-23 13:22 . 2011-11-23 10:49	21880	----a-w-	c:\users\Rums\grm_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	21880	----a-w-	c:\users\Rums\fr_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	21368	----a-w-	c:\users\Rums\pt_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	21368	----a-w-	c:\users\Rums\it_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	21368	----a-w-	c:\users\Rums\es_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	21368	----a-w-	c:\users\Rums\en_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	20856	----a-w-	c:\users\Rums\ru_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	20344	----a-w-	c:\users\Rums\jp_res.dll
2011-11-23 13:22 . 2011-11-23 10:49	1079808	----a-w-	c:\users\Rums\mfc80u.dll
2011-11-23 10:00 . 2011-11-23 10:00	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 10:00 . 2011-11-23 10:00	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-11-23 10:00 . 2011-11-23 10:00	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-11-23 10:00 . 2011-11-23 10:00	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 10:00 . 2011-11-23 10:00	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-11-23 10:00 . 2011-11-23 10:00	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-11-23 10:00 . 2011-11-23 10:00	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-11-23 10:00 . 2011-11-23 10:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-11-23 10:00 . 2011-11-23 10:00	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-11-23 10:00 . 2011-11-23 10:00	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-11-23 10:00 . 2011-11-23 10:00	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-11-23 10:00 . 2011-11-23 10:00	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-11-23 10:00 . 2011-11-23 10:00	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-11-23 10:00 . 2011-11-23 10:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-11-23 10:00 . 2011-11-23 10:00	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-11-23 10:00 . 2011-11-23 10:00	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 10:00 . 2011-11-23 10:00	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-11-23 10:00 . 2011-11-23 10:00	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 10:00 . 2011-11-23 10:00	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 10:00 . 2011-11-23 10:00	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-11-23 10:00 . 2011-11-23 10:00	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-11-23 10:00 . 2011-11-23 10:00	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-11-23 10:00 . 2011-11-23 10:00	222208	----a-w-	c:\windows\system32\msls31.dll
2011-11-23 10:00 . 2011-11-23 10:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-11-23 10:00 . 2011-11-23 10:00	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-11-23 10:00 . 2011-11-23 10:00	12288	----a-w-	c:\windows\system32\mshta.exe
2011-11-23 10:00 . 2011-11-23 10:00	114176	----a-w-	c:\windows\system32\admparse.dll
2011-11-23 10:00 . 2011-11-23 10:00	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-11-23 10:00 . 2011-11-23 10:00	448512	----a-w-	c:\windows\system32\html.iec
2011-11-23 10:00 . 2011-11-23 10:00	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-11-23 10:00 . 2011-11-23 10:00	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-11-23 10:00 . 2011-11-23 10:00	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-23 10:00 . 2011-11-23 10:00	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-11-23 10:00 . 2011-11-23 10:00	160256	----a-w-	c:\windows\system32\wextract.exe
2011-11-23 08:49 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-11-23 08:49 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-11-22 17:07 . 2011-03-28 17:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-22 16:42 . 2011-03-01 15:45	90192	----a-w-	c:\windows\system32\drivers\bdfndisf6.sys
2011-11-22 07:53 . 2011-11-22 07:54	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-11-21 23:04 . 2011-11-21 23:04	416926	----a-w-	c:\programdata\1321915346.bdinstall.bin
2011-11-10 03:45 . 2011-11-10 03:45	10567680	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:20 . 2011-11-10 03:20	25218048	----a-w-	c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-05-25 03:07	774656	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2011-05-25 03:06	927232	----a-w-	c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12	516608	----a-w-	c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09	360448	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2011-11-10 03:06	6077952	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58	18996224	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2011-05-25 02:49	7405056	----a-w-	c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2011-11-10 02:40	4061696	----a-w-	c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34	13552640	----a-w-	c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2011-05-25 02:39	5852672	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29	11300864	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2011-05-25 02:50	4200960	----a-w-	c:\windows\SysWow64\atiumdva.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2011-09-12 688648]
R2 vrtldsksvc;Virtual Disk Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-22 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-22 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2011-11-23 12800]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2011-12-28 75384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-12-28 62512]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55	187672	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:02	308736	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2011-12-28 16:49	264344	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2011-12-28 16:49	264344	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2011-12-28 16:49	264344	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2011-12-28 16:49	264344	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-12-28 1063136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rums\AppData\Roaming\Mozilla\Firefox\Profiles\zae4ipwu.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-27  14:31:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-27 13:31
.
Vor Suchlauf: 12 Verzeichnis(se), 22.986.141.696 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 22.948.012.032 Bytes frei
.
- - End Of File - - EB199B7DFD635FD42728ADBF7DA765BB

--- --- ---

cosinus · 27.01.2012, 15:37

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Rums · 27.01.2012, 15:57

Code:

ATTFilter

 aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 15:50:40
-----------------------------
15:50:40.392    OS Version: Windows x64 6.1.7601 Service Pack 1
15:50:40.392    Number of processors: 4 586 0x102
15:50:40.392    ComputerName: Rums  UserName: 
15:50:41.733    Initialize success
15:51:16.205    AVAST engine download error: 0
15:52:39.216    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
15:52:39.232    Disk 0 Vendor: AMD_____ 1.10 Size: 237464MB BusType: 8
15:52:39.247    Disk 0 MBR read successfully
15:52:39.247    Disk 0 MBR scan
15:52:39.247    Disk 0 Windows 7 default MBR code
15:52:39.263    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:52:39.263    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        61339 MB offset 206848
15:52:39.294    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       176023 MB offset 125829120
15:52:39.294    Service scanning
15:52:40.402    Modules scanning
15:52:40.402    Disk 0 trace - called modules:
15:52:40.417    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys 
15:52:40.433    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a53060]
15:52:40.433    3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> \Device\00000055[0xfffffa800787c9c0]
15:52:40.449    Scan finished successfully
15:53:43.172    Disk 0 MBR has been saved successfully to "C:\Users\Rums\Desktop\MBR.dat"
15:53:43.172    The log file has been saved successfully to "C:\Users\Rums\Desktop\aswMBR.txt"

26.01.2012, 17:16	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber? Da geht leider nicht wirklich raus hervor, was denn nun gefunden wurde __________________ --> Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?

Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?

Log-Analyse und Auswertung: Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?