Trojaner-Board

Source: https://www.trojaner-board.de/108596-win32-bublik-b-trojaner-entfernt-system-sauber.html (forum section: Log-Analyse und Auswertung, https://www.trojaner-board.de/log-analyse-auswertung/)

Rums 25.01.2012 17:32

Win32/Bublik.b trojan removed - is my system clean again now?
 
Hello,
yesterday I cleverly ran an e-mail attachment (exe) (mail subject: DHL Express Notification). Yes, I know, you shouldn't do that, but in my haste I overlooked the exe! :-(( On the double-click I realised it, though, and disconnected the computer from the network within about 3 minutes. On another computer I made myself 2 live CDs: Bitdefender and Windows Defender Offline. Bitdefender found nothing (wonderful, since it also runs on my system as Total Security 2012 :-((( ) - Windows Defender found and removed several trojans: Win32/Bublik.b was apparently hiding in the executed exe, and 3 more were in Thunderbird profile backups; I've forgotten their names, though.

The question now is: was that everything, or is there more hiding on my system?

I have attached the Defogger and OTL results.

Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:41 on 25/01/2012 (Rums)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Many thanks in advance!!!

cosinus 25.01.2012 20:19

Now please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! Also, all detections must be removed.

If there are logs from older Malwarebytes scans, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Rums 26.01.2012 11:27

Hello Cosinus,

first of all, thanks for the quick reply! I ran everything and nothing more was found! :-) Here are the results:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rums :: Rums [Administrator]

26.01.2012 07:17:55
mbam-log-2012-01-26 (07-17-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319084
Time elapsed: 36 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27e6e4f389fa6547ad66655c6e7d59e2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 09:12:22
# local_time=2012-01-26 10:12:22 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 5523460 79192853 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=137947
# found=0
# cleaned=0
# scan_time=6138
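
As an added example, not part of the thread and not code from Malwarebytes or ESET: a small Python parser for the two log formats posted above. It pulls the detection counts out of the Malwarebytes summary and the `# key=value` header of the ESET log, and applies the checks a helper would apply before trusting a "nothing found" result: that the Malwarebytes run was a full scan, that its definitions were not older than the scan date (cosinus's point about updating before every scan), and that the ESET run actually finished. The embedded sample logs are trimmed copies of the logs in this post; the function names and the one-day staleness threshold are my own choices.

```python
"""Parse Malwarebytes 1.x and ESET Online Scanner logs and summarise the result.

Added example; the sample logs below are trimmed copies of the logs posted in
this thread, and the function names are the author's own, not a tool's API.
"""
import re
from datetime import date
from typing import Any, Dict

MBAM_LOG = """\
Malwarebytes Anti-Malware 1.60.0.1800
Database version: v2012.01.26.02
26.01.2012 07:17:55
Scan type: Full scan
Objects scanned: 319084
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 0
(end)
"""

ESET_LOG = """\
# version=7
# end=finished
# archives_checked=true
# utc_time=2012-01-26 09:12:22
# scanned=137947
# found=0
# cleaned=0
# scan_time=6138
"""

DETECTED_RE = re.compile(r"^(?P<what>.+?) Detected:\s*(?P<n>\d+)\s*$")
DB_RE = re.compile(r"^Database version:\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+\s*$")
SCAN_DATE_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}\s*$")  # dd.MM.yyyy, as in this log
SCAN_TYPE_RE = re.compile(r"^Scan type:\s*(.+?)\s*$")


def parse_mbam(text: str) -> Dict[str, Any]:
    """Pull detection counts, scan type and the definition/scan dates out of an mbam log."""
    info: Dict[str, Any] = {"detections": {}, "scan_type": None, "db_date": None, "scan_date": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECTED_RE.match(line):
            info["detections"][m["what"]] = int(m["n"])
        elif m := DB_RE.match(line):
            info["db_date"] = date(int(m[1]), int(m[2]), int(m[3]))
        elif m := SCAN_DATE_RE.match(line):
            info["scan_date"] = date(int(m[3]), int(m[2]), int(m[1]))
        elif m := SCAN_TYPE_RE.match(line):
            info["scan_type"] = m[1]
    return info


def parse_eset(text: str) -> Dict[str, str]:
    """Turn the '# key=value' header of an ESET Online Scanner log into a dict (first value wins)."""
    kv: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            kv.setdefault(key.strip(), value.strip())  # compatibility_mode repeats; keep the first
    return kv


def scan_verdict(mbam_text: str, eset_text: str, max_db_age_days: int = 1) -> Dict[str, Any]:
    """Combine both logs: total detections plus anything that makes a clean result untrustworthy."""
    mb, es = parse_mbam(mbam_text), parse_eset(eset_text)
    problems = []
    if mb["scan_type"] != "Full scan":
        problems.append("Malwarebytes: not a full scan")
    if mb["db_date"] and mb["scan_date"] and (mb["scan_date"] - mb["db_date"]).days > max_db_age_days:
        problems.append("Malwarebytes: definitions older than the scan date")
    if es.get("end") != "finished":
        problems.append("ESET: scan did not finish")
    total = sum(mb["detections"].values()) + int(es.get("found", "0"))
    return {"detections": total, "problems": problems, "no_detections": total == 0 and not problems}


if __name__ == "__main__":
    print(scan_verdict(MBAM_LOG, ESET_LOG))
```

`no_detections` means only that neither scanner reported anything and the runs were usable; it is not a statement that the machine is clean, which is exactly the question still open in this thread.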


cosinus 26.01.2012 16:14

Quote:

Win32/Bublik.b trojan removed
How exactly was it removed? Any logs for that?
ESET and Malwarebytes haven't found anything more, after all!

Rums 26.01.2012 16:44

Hello Cosinus,

they were found and removed with a Windows Defender live CD

Code:

ERRORS_ONLY=0
MAX_SIZE=5120                           
APPEND=1
MAX_LINE_SIZE=256                           
-------------------------------------------------
START        2012/01/25 09:57:40:601 TID:836 PID:784

INFO        2012/01/25 09:57:40:601 TID:836 PID:784
Binary architecture is amd64

INFO        2012/01/25 09:57:40:616 TID:836 PID:784
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO        2012/01/25 09:57:40:616 TID:836 PID:784
CheckProcessorArchitecture returned 0x00000000

INFO        2012/01/25 09:57:40:616 TID:836 PID:784
SetRecoveryEnvironmentKey returned 0x00000000

INFO        2012/01/25 09:57:40:616 TID:836 PID:784
GetSystemSweeperPath returned 0x00000000

INFO        2012/01/25 09:57:40:616 TID:836 PID:784
Windows Defender Offline Directory = 'x:\Program Files\Microsoft Security Client'

WARNING        2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING        2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING        2012/01/25 09:57:40:616 TID:836 PID:784
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING        2012/01/25 09:57:40:632 TID:836 PID:784
Missing definitions file in 'F:\mpam-fex64.exe'

INFO        2012/01/25 09:57:40:632 TID:836 PID:784
Found definitions file in 'G:\mpam-fex64.exe'

INFO        2012/01/25 09:57:40:632 TID:836 PID:784
Signatures File Target = 'x:\Program Files\Microsoft Security Client\mpam-fe.exe'

INFO        2012/01/25 09:57:57:683 TID:836 PID:784
CopySignatureFile returned 0x00000000

INFO        2012/01/25 12:53:01:041 TID:836 PID:784
RunCallisto returned 0x00000000

FINISH        2012/01/25 12:53:01:041 TID:788 PID:784


START        2012/01/25 12:55:57:024 TID:840 PID:784

INFO        2012/01/25 12:55:57:024 TID:840 PID:784
Binary architecture is amd64

INFO        2012/01/25 12:55:57:055 TID:840 PID:784
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO        2012/01/25 12:55:57:055 TID:840 PID:784
CheckProcessorArchitecture returned 0x00000000

INFO        2012/01/25 12:55:57:055 TID:840 PID:784
SetRecoveryEnvironmentKey returned 0x00000000

INFO        2012/01/25 12:55:57:055 TID:840 PID:784
GetSystemSweeperPath returned 0x00000000

INFO        2012/01/25 12:55:57:055 TID:840 PID:784


I found this log file for it.

cosinus 26.01.2012 17:16

Unfortunately that doesn't really show what was actually found :(

Rums 26.01.2012 17:36

Unfortunately I can't provide any more; the only name I wrote down was this one: Win32/Bublik.B.
Found in the mail attachment and in a Windows file.

Can something still be running somewhere anyway? Or is the probability rather low after the scans? Is it advisable to buy Malwarebytes Pro and run it alongside Bitdefender Total Security, or would they interfere with each other? Questions upon questions :-))

cosinus 26.01.2012 18:47

Please make a new OTL log. Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Rums 27.01.2012 11:02

Hello cosinus,

here is the result:

Code:

OTL logfile created on: 27.01.2012 09:41:15 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,80% Memory free
15,95 Gb Paging File | 14,00 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,90 Gb Total Space | 21,52 Gb Free Space | 35,92% Space Free | Partition Type: NTFS
Drive D: | 171,90 Gb Total Space | 147,61 Gb Free Space | 85,87% Space Free | Partition Type: NTFS
 
Computer Name: Rums | User Name: Rums | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.25 15:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2011.08.24 14:42:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2009.12.15 17:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009.12.15 17:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.28 17:49:50 | 000,075,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011.12.28 17:49:46 | 001,950,448 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011.12.28 17:49:25 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.23 13:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.10.14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.09.12 09:58:20 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.08.24 14:57:48 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2011.08.24 14:48:02 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 17:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 15:05:39 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.02 15:42:22 | 000,685,192 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011.12.02 15:42:22 | 000,543,528 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011.12.02 15:42:21 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.29 15:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.05.15 15:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009.07.17 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.02.12 17:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2011.11.24 11:34:30 | 000,028,632 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\virtualdisk.sys -- (vrtldskdrv)
DRV - [2011.11.22 17:42:54 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.22 17:42:53 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.23 16:01:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 10:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.18 09:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011.11.22 00:00:58 | 000,000,000 | ---D | M]
 
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rums\AppData\Roaming\mozilla\Extensions
[2012.01.23 16:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:01:27 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.27 20:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.01.23 16:01:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.23 16:01:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.23 16:01:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.23 16:01:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.23 16:01:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.23 16:01:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCC4906-9D72-4113-87AC-B5DC70F4D7D0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 16:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.26 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Secunia PSI
[2012.01.26 16:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.01.26 07:17:15 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\Malwarebytes
[2012.01.25 18:57:57 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.01.25 18:57:40 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012.01.25 16:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.25 16:58:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.25 16:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Jajuk
[2012.01.13 13:42:09 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Roaming\inkscape
[2012.01.13 13:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.01.13 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\ElevatedDiagnostics
[2012.01.12 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Rums\AppData\Local\Telekom
[2012.01.12 13:44:51 | 000,216,856 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2012.01.12 13:44:51 | 000,187,672 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2012.01.12 13:44:51 | 000,155,416 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2012.01.12 13:44:51 | 000,139,032 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2012.01.12 13:44:50 | 000,318,152 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2012.01.12 13:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom
[2012.01.12 13:44:35 | 000,308,736 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\DTAG.Mediencenter.ShellExtension.dll
[2012.01.12 13:44:32 | 003,897,744 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\SysNative\Mediencenter_Uninstall.exe
[2012.01.12 13:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom
[2012.01.10 09:12:26 | 000,000,000 | ---D | C] -- C:\BDLOGS
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 09:37:07 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 09:34:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 09:34:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.27 09:34:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 09:34:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.27 09:34:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 09:29:48 | 000,324,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.27 09:29:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 09:29:23 | 2127,572,991 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.25 15:41:26 | 000,000,000 | ---- | M] () -- C:\Users\Rums\defogger_reenable
[2012.01.25 14:02:35 | 000,000,269 | -H-- | M] () -- C:\bdr-conf
[2012.01.18 09:39:38 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.13 13:46:06 | 000,000,765 | ---- | M] () -- C:\Users\Rums\.recently-used.xbel
[2012.01.12 13:47:52 | 000,000,021 | ---- | M] () -- C:\Users\Rums\AppData\Local\mc.pixel.data
[2012.01.12 13:44:46 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.01.12 13:44:46 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2012.01.09 13:29:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011.12.28 11:00:43 | 000,001,528 | ---- | M] () -- C:\Users\Rums\Desktop\AudialsOne 9 USB starten.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.26 16:07:38 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.01.25 15:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Rums\defogger_reenable
[2012.01.18 09:39:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.13 13:46:06 | 000,000,765 | ---- | C] () -- C:\Users\Rums\.recently-used.xbel
[2012.01.13 13:41:07 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.01.12 13:47:51 | 000,000,021 | ---- | C] () -- C:\Users\Rums\AppData\Local\mc.pixel.data
[2012.01.12 13:44:46 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter als Laufwerk.lnk
[2012.01.12 13:44:46 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Mediencenter Assistent.lnk
[2011.11.23 08:50:53 | 000,007,633 | ---- | C] () -- C:\Users\Rums\AppData\Local\Resmon.ResmonCfg
[2011.11.22 00:04:59 | 000,416,926 | ---- | C] () -- C:\ProgramData\1321915346.bdinstall.bin
[2011.11.21 22:10:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.21 22:10:29 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.11.21 22:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2009.12.15 17:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009.12.15 17:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.22 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll
[2008.10.30 17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
 
========== LOP Check ==========
 
[2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender
[2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape
[2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware
[2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5
[2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird
[2009.07.14 06:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Adobe
[2011.11.21 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\ATI
[2011.11.22 00:38:27 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Bitdefender
[2011.11.21 21:49:04 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Identities
[2012.01.13 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\inkscape
[2011.11.23 10:59:35 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Lexware
[2011.11.24 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Macromedia
[2012.01.26 07:17:15 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Media Center Programs
[2011.11.29 15:29:33 | 000,000,000 | --SD | M] -- C:\Users\Rums\AppData\Roaming\Microsoft
[2011.11.22 01:25:41 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Mozilla
[2011.11.24 12:36:46 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\PersBackup5
[2011.11.21 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\QuickScan
[2011.11.21 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rums\AppData\Roaming\Thunderbird
 
< %APPDATA%\*.exe /s >
[2011.11.29 15:29:33 | 000,088,102 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{10EBB586-D21E-60CA-0856-AA753EBE1F16}\ARPPRODUCTICON.exe
[2011.12.28 11:00:42 | 000,188,478 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\AudialsOne_installer.exe
[2011.12.28 11:00:42 | 000,230,164 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext.exe
[2011.12.28 11:00:42 | 000,229,348 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_1.exe
[2011.12.28 11:00:42 | 000,233,135 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\ext_2.exe
[2011.12.28 11:00:41 | 000,014,534 | R--- | M] () -- C:\Users\Rums\AppData\Roaming\Microsoft\Installer\{C58954AA-C5EE-4CD2-AF4C-D94FAC0D59CA}\SystemFolder_msiexec.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011.10.14 22:57:26 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 27.01.2012 12:53

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or if shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Rums 27.01.2012 13:37

Here is the log from TDSS-Killer:

Code:

13:28:37.0488 5628        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:28:39.0500 5628        ============================================================
13:28:39.0500 5628        Current date / time: 2012/01/27 13:28:39.0500
13:28:39.0500 5628        SystemInfo:
13:28:39.0500 5628       
13:28:39.0500 5628        OS Version: 6.1.7601 ServicePack: 1.0
13:28:39.0500 5628        Product type: Workstation
13:28:39.0500 5628        ComputerName: Rums
13:28:39.0500 5628        UserName: Rums
13:28:39.0500 5628        Windows directory: C:\Windows
13:28:39.0500 5628        System windows directory: C:\Windows
13:28:39.0500 5628        Running under WOW64
13:28:39.0500 5628        Processor architecture: Intel x64
13:28:39.0500 5628        Number of processors: 4
13:28:39.0500 5628        Page size: 0x1000
13:28:39.0500 5628        Boot type: Normal boot
13:28:39.0500 5628        ============================================================
13:28:41.0981 5628        Drive \Device\Harddisk0\DR0 - Size: 0x39F98E0000 (231.90 Gb), SectorSize: 0x200, Cylinders: 0x7640, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:28:42.0059 5628        Initialize success
13:29:02.0542 3968        ============================================================
13:29:02.0542 3968        Scan started
13:29:02.0542 3968        Mode: Manual; SigCheck; TDLFS;
13:29:02.0542 3968        ============================================================
13:29:06.0005 3968        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:29:06.0130 3968        1394ohci - ok
13:29:06.0176 3968        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:29:06.0208 3968        ACPI - ok
13:29:06.0239 3968        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:29:06.0332 3968        AcpiPmi - ok
13:29:06.0410 3968        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:29:06.0442 3968        adp94xx - ok
13:29:06.0473 3968        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:29:06.0488 3968        adpahci - ok
13:29:06.0504 3968        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:29:06.0504 3968        adpu320 - ok
13:29:06.0582 3968        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:29:06.0629 3968        AFD - ok
13:29:06.0691 3968        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:29:06.0722 3968        agp440 - ok
13:29:06.0769 3968        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:29:06.0800 3968        aliide - ok
13:29:06.0863 3968        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:29:06.0894 3968        amdide - ok
13:29:06.0910 3968        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:29:07.0066 3968        amdiox64 - ok
13:29:07.0128 3968        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:29:07.0190 3968        AmdK8 - ok
13:29:07.0424 3968        amdkmdag        (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
13:29:07.0674 3968        amdkmdag - ok
13:29:07.0752 3968        amdkmdap        (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
13:29:07.0799 3968        amdkmdap - ok
13:29:07.0861 3968        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:29:07.0908 3968        AmdPPM - ok
13:29:07.0986 3968        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:29:08.0002 3968        amdsata - ok
13:29:08.0033 3968        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:29:08.0064 3968        amdsbs - ok
13:29:08.0080 3968        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:29:08.0111 3968        amdxata - ok
13:29:08.0189 3968        AODDriver4.01  (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:29:08.0220 3968        AODDriver4.01 - ok
13:29:08.0298 3968        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:29:08.0360 3968        AppID - ok
13:29:08.0438 3968        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:29:08.0454 3968        arc - ok
13:29:08.0470 3968        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:29:08.0485 3968        arcsas - ok
13:29:08.0501 3968        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:29:08.0610 3968        AsyncMac - ok
13:29:08.0688 3968        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:29:08.0704 3968        atapi - ok
13:29:08.0797 3968        AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
13:29:08.0813 3968        AtiHDAudioService - ok
13:29:08.0875 3968        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:29:08.0906 3968        AtiPcie - ok
13:29:09.0000 3968        avc3            (e275a45da5e9e6f043c47c245a9007aa) C:\Windows\system32\DRIVERS\avc3.sys
13:29:09.0031 3968        avc3 - ok
13:29:09.0094 3968        avchv          (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
13:29:09.0125 3968        avchv - ok
13:29:09.0203 3968        avckf          (3c64d0e61572bfe2c5c2beb8cb850d5b) C:\Windows\system32\DRIVERS\avckf.sys
13:29:09.0250 3968        avckf - ok
13:29:09.0343 3968        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:29:09.0390 3968        b06bdrv - ok
13:29:09.0468 3968        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:29:09.0515 3968        b57nd60a - ok
13:29:09.0608 3968        BdfNdisf        (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
13:29:09.0624 3968        BdfNdisf - ok
13:29:09.0702 3968        bdfsfltr        (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
13:29:09.0733 3968        bdfsfltr - ok
13:29:09.0796 3968        bdfwfpf        (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
13:29:09.0811 3968        bdfwfpf - ok
13:29:10.0030 3968        bdsandbox      (afda933f10d5b536b8713f119eba6912) C:\Windows\system32\drivers\bdsandbox.sys
13:29:10.0045 3968        bdsandbox - ok
13:29:10.0092 3968        BDVEDISK        (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
13:29:10.0123 3968        BDVEDISK - ok
13:29:10.0170 3968        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:29:10.0248 3968        Beep - ok
13:29:10.0295 3968        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:29:10.0326 3968        blbdrive - ok
13:29:10.0373 3968        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:29:10.0420 3968        bowser - ok
13:29:10.0451 3968        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:29:10.0529 3968        BrFiltLo - ok
13:29:10.0560 3968        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:29:10.0607 3968        BrFiltUp - ok
13:29:10.0669 3968        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:29:10.0716 3968        Brserid - ok
13:29:10.0794 3968        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:29:10.0825 3968        BrSerWdm - ok
13:29:10.0903 3968        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:29:10.0934 3968        BrUsbMdm - ok
13:29:11.0012 3968        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:29:11.0044 3968        BrUsbSer - ok
13:29:11.0059 3968        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:29:11.0090 3968        BTHMODEM - ok
13:29:11.0168 3968        cbfs3          (133aaf85c55d25766ffb7b1f0b85bb8f) C:\Windows\system32\drivers\cbfs3.sys
13:29:11.0200 3968        cbfs3 - ok
13:29:11.0231 3968        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:29:11.0262 3968        cdfs - ok
13:29:11.0309 3968        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:29:11.0356 3968        cdrom - ok
13:29:11.0434 3968        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:29:11.0496 3968        circlass - ok
13:29:11.0558 3968        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:29:11.0605 3968        CLFS - ok
13:29:11.0668 3968        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:29:11.0714 3968        CmBatt - ok
13:29:11.0730 3968        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:29:11.0761 3968        cmdide - ok
13:29:11.0777 3968        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:29:11.0808 3968        CNG - ok
13:29:11.0839 3968        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:29:11.0855 3968        Compbatt - ok
13:29:11.0886 3968        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:29:11.0933 3968        CompositeBus - ok
13:29:11.0980 3968        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:29:11.0995 3968        crcdisk - ok
13:29:12.0073 3968        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:29:12.0120 3968        DfsC - ok
13:29:12.0167 3968        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:29:12.0229 3968        discache - ok
13:29:12.0276 3968        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:29:12.0307 3968        Disk - ok
13:29:12.0338 3968        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:29:12.0370 3968        drmkaud - ok
13:29:12.0385 3968        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:29:12.0416 3968        DXGKrnl - ok
13:29:12.0494 3968        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:29:12.0588 3968        ebdrv - ok
13:29:12.0682 3968        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:29:12.0728 3968        elxstor - ok
13:29:12.0775 3968        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:29:12.0806 3968        ErrDev - ok
13:29:12.0853 3968        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:29:12.0916 3968        exfat - ok
13:29:12.0947 3968        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:29:13.0025 3968        fastfat - ok
13:29:13.0087 3968        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:29:13.0134 3968        fdc - ok
13:29:13.0196 3968        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:29:13.0228 3968        FileInfo - ok
13:29:13.0243 3968        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:29:13.0306 3968        Filetrace - ok
13:29:13.0352 3968        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:29:13.0384 3968        flpydisk - ok
13:29:13.0430 3968        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:29:13.0462 3968        FltMgr - ok
13:29:13.0493 3968        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:29:13.0508 3968        FsDepends - ok
13:29:13.0540 3968        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:29:13.0540 3968        Fs_Rec - ok
13:29:13.0586 3968        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:29:13.0618 3968        fvevol - ok
13:29:13.0649 3968        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:29:13.0664 3968        gagp30kx - ok
13:29:13.0680 3968        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:29:13.0711 3968        hcw85cir - ok
13:29:13.0789 3968        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:29:13.0836 3968        HdAudAddService - ok
13:29:13.0883 3968        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:29:13.0930 3968        HDAudBus - ok
13:29:13.0945 3968        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:29:13.0976 3968        HidBatt - ok
13:29:14.0023 3968        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:29:14.0070 3968        HidBth - ok
13:29:14.0070 3968        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:29:14.0101 3968        HidIr - ok
13:29:14.0164 3968        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:29:14.0195 3968        HidUsb - ok
13:29:14.0273 3968        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:29:14.0288 3968        HpSAMD - ok
13:29:14.0335 3968        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:29:14.0413 3968        HTTP - ok
13:29:14.0491 3968        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:29:14.0507 3968        hwpolicy - ok
13:29:14.0538 3968        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:29:14.0554 3968        i8042prt - ok
13:29:14.0600 3968        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:29:14.0632 3968        iaStorV - ok
13:29:14.0694 3968        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:29:14.0725 3968        iirsp - ok
13:29:14.0819 3968        IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
13:29:14.0850 3968        IntcAzAudAddService - ok
13:29:14.0881 3968        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:29:14.0881 3968        intelide - ok
13:29:14.0912 3968        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:29:14.0944 3968        intelppm - ok
13:29:15.0006 3968        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:15.0068 3968        IpFilterDriver - ok
13:29:15.0131 3968        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:29:15.0162 3968        IPMIDRV - ok
13:29:15.0224 3968        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:29:15.0287 3968        IPNAT - ok
13:29:15.0365 3968        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:29:15.0427 3968        IRENUM - ok
13:29:15.0474 3968        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:29:15.0505 3968        isapnp - ok
13:29:15.0521 3968        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:29:15.0552 3968        iScsiPrt - ok
13:29:15.0583 3968        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:29:15.0583 3968        kbdclass - ok
13:29:15.0661 3968        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:29:15.0708 3968        kbdhid - ok
13:29:15.0724 3968        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:29:15.0739 3968        KSecDD - ok
13:29:15.0786 3968        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:29:15.0802 3968        KSecPkg - ok
13:29:15.0848 3968        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:29:15.0911 3968        ksthunk - ok
13:29:15.0989 3968        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:29:16.0036 3968        lltdio - ok
13:29:16.0067 3968        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:29:16.0082 3968        LSI_FC - ok
13:29:16.0098 3968        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:29:16.0114 3968        LSI_SAS - ok
13:29:16.0129 3968        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:29:16.0145 3968        LSI_SAS2 - ok
13:29:16.0160 3968        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:29:16.0192 3968        LSI_SCSI - ok
13:29:16.0457 3968        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:29:16.0535 3968        luafv - ok
13:29:16.0784 3968        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:29:16.0816 3968        megasas - ok
13:29:16.0878 3968        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:29:16.0909 3968        MegaSR - ok
13:29:16.0925 3968        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:29:16.0972 3968        Modem - ok
13:29:17.0018 3968        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:29:17.0050 3968        monitor - ok
13:29:17.0112 3968        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:29:17.0128 3968        mouclass - ok
13:29:17.0159 3968        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:29:17.0190 3968        mouhid - ok
13:29:17.0237 3968        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:29:17.0252 3968        mountmgr - ok
13:29:17.0284 3968        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:29:17.0299 3968        mpio - ok
13:29:17.0315 3968        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:29:17.0346 3968        mpsdrv - ok
13:29:17.0377 3968        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:29:17.0455 3968        MRxDAV - ok
13:29:17.0502 3968        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:17.0564 3968        mrxsmb - ok
13:29:17.0627 3968        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:17.0674 3968        mrxsmb10 - ok
13:29:17.0736 3968        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:17.0767 3968        mrxsmb20 - ok
13:29:17.0798 3968        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:29:17.0814 3968        msahci - ok
13:29:17.0845 3968        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:29:17.0845 3968        msdsm - ok
13:29:17.0876 3968        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:29:17.0923 3968        Msfs - ok
13:29:17.0923 3968        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:29:17.0986 3968        mshidkmdf - ok
13:29:18.0032 3968        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:29:18.0064 3968        msisadrv - ok
13:29:18.0126 3968        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:29:18.0188 3968        MSKSSRV - ok
13:29:18.0251 3968        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:18.0313 3968        MSPCLOCK - ok
13:29:18.0391 3968        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:29:18.0469 3968        MSPQM - ok
13:29:18.0532 3968        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:29:18.0563 3968        MsRPC - ok
13:29:18.0594 3968        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:29:18.0610 3968        mssmbios - ok
13:29:18.0656 3968        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:29:18.0750 3968        MSTEE - ok
13:29:18.0750 3968        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:29:18.0781 3968        MTConfig - ok
13:29:18.0859 3968        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
13:29:18.0875 3968        MTsensor - ok
13:29:18.0937 3968        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:29:18.0953 3968        Mup - ok
13:29:19.0031 3968        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:29:19.0093 3968        NativeWifiP - ok
13:29:19.0171 3968        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:29:19.0234 3968        NDIS - ok
13:29:19.0296 3968        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:29:19.0358 3968        NdisCap - ok
13:29:19.0390 3968        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:19.0421 3968        NdisTapi - ok
13:29:19.0468 3968        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:19.0530 3968        Ndisuio - ok
13:29:19.0592 3968        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:19.0780 3968        NdisWan - ok
13:29:19.0842 3968        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:29:19.0904 3968        NDProxy - ok
13:29:19.0967 3968        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:29:20.0029 3968        NetBIOS - ok
13:29:20.0076 3968        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:29:20.0107 3968        NetBT - ok
13:29:20.0232 3968        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:29:20.0263 3968        nfrd960 - ok
13:29:20.0310 3968        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:29:20.0357 3968        Npfs - ok
13:29:20.0388 3968        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:29:20.0419 3968        nsiproxy - ok
13:29:20.0466 3968        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:29:20.0528 3968        Ntfs - ok
13:29:20.0575 3968        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:29:20.0638 3968        Null - ok
13:29:20.0700 3968        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:29:20.0731 3968        nvraid - ok
13:29:20.0794 3968        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:29:20.0825 3968        nvstor - ok
13:29:20.0856 3968        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:29:20.0872 3968        nv_agp - ok
13:29:20.0903 3968        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:29:20.0950 3968        ohci1394 - ok
13:29:21.0028 3968        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:29:21.0059 3968        Parport - ok
13:29:21.0090 3968        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:29:21.0106 3968        partmgr - ok
13:29:21.0152 3968        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:29:21.0168 3968        pci - ok
13:29:21.0184 3968        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:29:21.0199 3968        pciide - ok
13:29:21.0246 3968        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:29:21.0277 3968        pcmcia - ok
13:29:21.0293 3968        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:29:21.0308 3968        pcw - ok
13:29:21.0386 3968        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:29:21.0464 3968        PEAUTH - ok
13:29:21.0558 3968        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:21.0605 3968        PptpMiniport - ok
13:29:21.0636 3968        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:29:21.0652 3968        Processor - ok
13:29:21.0714 3968        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:29:21.0792 3968        Psched - ok
13:29:21.0932 3968        PSI            (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
13:29:21.0948 3968        PSI - ok
13:29:22.0010 3968        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:29:22.0088 3968        ql2300 - ok
13:29:22.0135 3968        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:29:22.0166 3968        ql40xx - ok
13:29:22.0182 3968        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:29:22.0229 3968        QWAVEdrv - ok
13:29:22.0244 3968        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:29:22.0276 3968        RasAcd - ok
13:29:22.0322 3968        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:29:22.0354 3968        RasAgileVpn - ok
13:29:22.0385 3968        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:22.0432 3968        Rasl2tp - ok
13:29:22.0494 3968        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:22.0572 3968        RasPppoe - ok
13:29:22.0634 3968        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:29:22.0712 3968        RasSstp - ok
13:29:22.0728 3968        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:29:22.0775 3968        rdbss - ok
13:29:22.0790 3968        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:29:22.0822 3968        rdpbus - ok
13:29:22.0837 3968        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:22.0884 3968        RDPCDD - ok
13:29:22.0946 3968        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:29:23.0009 3968        RDPENCDD - ok
13:29:23.0009 3968        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:29:23.0040 3968        RDPREFMP - ok
13:29:23.0087 3968        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:29:23.0134 3968        RDPWD - ok
13:29:23.0196 3968        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:29:23.0212 3968        rdyboost - ok
13:29:23.0258 3968        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:29:23.0305 3968        rspndr - ok
13:29:23.0399 3968        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:29:23.0430 3968        RTL8167 - ok
13:29:23.0524 3968        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:29:23.0524 3968        sbp2port - ok
13:29:23.0555 3968        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:29:23.0602 3968        scfilter - ok
13:29:23.0648 3968        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:29:23.0680 3968        secdrv - ok
13:29:23.0758 3968        Ser2pl          (2cd118925f9cdf665f7c08aecd8177ef) C:\Windows\system32\DRIVERS\ser2pl64.sys
13:29:23.0804 3968        Ser2pl - ok
13:29:23.0820 3968        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:29:23.0851 3968        Serenum - ok
13:29:23.0898 3968        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:29:23.0929 3968        Serial - ok
13:29:23.0945 3968        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:29:23.0976 3968        sermouse - ok
13:29:23.0992 3968        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:29:24.0038 3968        sffdisk - ok
13:29:24.0085 3968        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:29:24.0116 3968        sffp_mmc - ok
13:29:24.0132 3968        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:29:24.0148 3968        sffp_sd - ok
13:29:24.0163 3968        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:29:24.0194 3968        sfloppy - ok
13:29:24.0257 3968        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:29:24.0288 3968        SiSRaid2 - ok
13:29:24.0304 3968        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:29:24.0319 3968        SiSRaid4 - ok
13:29:24.0335 3968        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:29:24.0397 3968        Smb - ok
13:29:24.0460 3968        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:29:24.0491 3968        spldr - ok
13:29:24.0522 3968        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:29:24.0569 3968        srv - ok
13:29:24.0647 3968        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:29:24.0678 3968        srv2 - ok
13:29:24.0694 3968        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:29:24.0725 3968        srvnet - ok
13:29:24.0818 3968        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:29:24.0850 3968        stexstor - ok
13:29:24.0881 3968        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:29:24.0896 3968        swenum - ok
13:29:24.0974 3968        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:29:25.0052 3968        Tcpip - ok
13:29:25.0146 3968        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:29:25.0193 3968        TCPIP6 - ok
13:29:25.0208 3968        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:29:25.0255 3968        tcpipreg - ok
13:29:25.0286 3968        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:29:25.0333 3968        TDPIPE - ok
13:29:25.0380 3968        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:29:25.0411 3968        TDTCP - ok
13:29:25.0442 3968        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:29:25.0520 3968        tdx - ok
13:29:25.0536 3968        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:29:25.0552 3968        TermDD - ok
13:29:25.0645 3968        truecrypt      (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
13:29:25.0661 3968        truecrypt - ok
13:29:25.0692 3968        trufos          (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
13:29:25.0708 3968        trufos - ok
13:29:25.0770 3968        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:29:25.0832 3968        tssecsrv - ok
13:29:25.0910 3968        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:29:25.0942 3968        TsUsbFlt - ok
13:29:26.0020 3968        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:29:26.0082 3968        tunnel - ok
13:29:26.0144 3968        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:29:26.0160 3968        uagp35 - ok
13:29:26.0176 3968        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:29:26.0222 3968        udfs - ok
13:29:26.0254 3968        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:29:26.0254 3968        uliagpkx - ok
13:29:26.0316 3968        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:29:26.0347 3968        umbus - ok
13:29:26.0394 3968        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:29:26.0425 3968        UmPass - ok
13:29:26.0472 3968        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
13:29:26.0519 3968        usbccgp - ok
13:29:26.0534 3968        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:29:26.0581 3968        usbcir - ok
13:29:26.0597 3968        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:29:26.0612 3968        usbehci - ok
13:29:26.0690 3968        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:29:26.0706 3968        usbhub - ok
13:29:26.0722 3968        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:29:26.0753 3968        usbohci - ok
13:29:26.0800 3968        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:29:26.0831 3968        usbprint - ok
13:29:26.0924 3968        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:29:27.0002 3968        USBSTOR - ok
13:29:27.0221 3968        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:29:27.0268 3968        usbuhci - ok
13:29:27.0424 3968        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:29:27.0439 3968        vdrvroot - ok
13:29:27.0502 3968        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:29:27.0533 3968        vga - ok
13:29:27.0548 3968        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:29:27.0611 3968        VgaSave - ok
13:29:27.0673 3968        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:29:27.0704 3968        vhdmp - ok
13:29:27.0751 3968        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:29:27.0767 3968        viaide - ok
13:29:27.0782 3968        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:29:27.0814 3968        volmgr - ok
13:29:27.0860 3968        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:29:27.0892 3968        volmgrx - ok
13:29:27.0923 3968        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:29:27.0938 3968        volsnap - ok
13:29:27.0985 3968        vrtldskdrv - ok
13:29:28.0110 3968        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:29:28.0141 3968        vsmraid - ok
13:29:28.0157 3968        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:29:28.0188 3968        vwifibus - ok
13:29:28.0204 3968        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:29:28.0219 3968        WacomPen - ok
13:29:28.0282 3968        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:28.0328 3968        WANARP - ok
13:29:28.0328 3968        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:28.0360 3968        Wanarpv6 - ok
13:29:28.0438 3968        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:29:28.0453 3968        Wd - ok
13:29:28.0484 3968        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:29:28.0531 3968        Wdf01000 - ok
13:29:28.0625 3968        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:29:28.0672 3968        WfpLwf - ok
13:29:28.0687 3968        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:29:28.0687 3968        WIMMount - ok
13:29:28.0781 3968        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:29:28.0812 3968        WmiAcpi - ok
13:29:28.0890 3968        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:29:28.0937 3968        ws2ifsl - ok
13:29:28.0968 3968        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:29:29.0015 3968        WudfPf - ok
13:29:29.0030 3968        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:29:29.0077 3968        WUDFRd - ok
13:29:29.0108 3968        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:29:29.0171 3968        \Device\Harddisk0\DR0 - ok
13:29:29.0171 3968        Boot (0x1200)  (cb3aab7997e7a36ba3eb363299b5decf) \Device\Harddisk0\DR0\Partition0
13:29:29.0171 3968        \Device\Harddisk0\DR0\Partition0 - ok
13:29:29.0186 3968        Boot (0x1200)  (092b7a00dc2790e4f5c5ecedc454184f) \Device\Harddisk0\DR0\Partition1
13:29:29.0186 3968        \Device\Harddisk0\DR0\Partition1 - ok
13:29:29.0202 3968        Boot (0x1200)  (9ad33df95a7b8b9d3cde9feb07604938) \Device\Harddisk0\DR0\Partition2
13:29:29.0202 3968        \Device\Harddisk0\DR0\Partition2 - ok
13:29:29.0202 3968        ============================================================
13:29:29.0202 3968        Scan finished
13:29:29.0202 3968        ============================================================
13:29:29.0218 4860        Detected object count: 0
13:29:29.0218 4860        Actual detected object count: 0

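The TDSSKiller output above is a flat list of service/driver entries, each followed by a verdict line, and it is tedious to eyeball 200+ lines for the one that is not "- ok". The following Python is an added example written for this page (not part of the thread, not a TDSSKiller or Trojaner-Board tool) that parses lines in that format and does the three checks a responder usually wants: list every entry whose verdict is anything other than "ok" or that got a verdict with no hash/path line (like `vrtldskdrv` above), show which service names point at the same image (Tcpip/TCPIP6 share tcpip.sys), and compare the recorded MD5s against a known-good map. The sample log is constructed from a handful of lines copied from the scan plus one extra verdict-only line; the baseline map is a hypothetical stand-in with a deliberately wrong value for Null.sys so the mismatch branch is exercised, not a statement that the file on this machine is bad.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller line format seen in the scan above.
SAMPLE_LOG = r"""
13:29:20.0575 3968        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:29:20.0638 3968        Null - ok
13:29:24.0974 3968        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:29:25.0052 3968        Tcpip - ok
13:29:25.0146 3968        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:29:25.0193 3968        TCPIP6 - ok
13:29:27.0985 3968        vrtldskdrv - ok
13:29:29.0108 3968        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:29:29.0171 3968        \Device\Harddisk0\DR0 - ok
13:29:29.0218 4860        Detected object count: 0
"""

# Hypothetical known-good baseline, path (lower-cased) -> MD5. The tcpip.sys
# value is the one from the scan; the Null.sys value is deliberately wrong.
BASELINE: Dict[str, str] = {
    r"c:\windows\system32\drivers\tcpip.sys": "fc62769e7bff2896035aeed399108162",
    r"c:\windows\system32\drivers\null.sys": "0" * 32,
}

# "<time> <tid> <name> (<md5>) <path>"  -- the name may contain spaces, e.g. "MBR (0x1B8)"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# "<time> <tid> <name-or-path> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<subject>.+?) - (?P<verdict>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each hash/path line with the verdict line that follows it.
    Verdicts for disk objects (MBR, boot sectors) name the device path
    rather than the entry name, so both are accepted as the subject."""
    entries: List[Entry] = []
    pending: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = Entry(m["name"].strip(), m["md5"].lower(), m["path"].strip())
            entries.append(e)
            pending.append(e)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banner, "Detected object count", etc.
        subject = m["subject"].strip()
        hit = next((e for e in pending
                    if e.name == subject or (e.path or "").lower() == subject.lower()), None)
        if hit is None:
            hit = Entry(subject)  # verdict with no preceding hash/path line
            entries.append(hit)
        else:
            pending.remove(hit)
        hit.verdict = m["verdict"].strip()
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Entries worth a manual look: non-'ok' verdicts and hash-less verdicts."""
    return [e for e in entries if e.verdict != "ok" or e.md5 is None]


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """md5 -> names, for hashes that appear under more than one service name."""
    by_hash: Dict[str, set] = {}
    for e in entries:
        if e.md5:
            by_hash.setdefault(e.md5, set()).add(e.name)
    return {h: sorted(n) for h, n in by_hash.items() if len(n) > 1}


def check_baseline(entries: List[Entry], baseline: Dict[str, str]) -> List[Tuple[Entry, str]]:
    """(entry, expected_md5) for every path in the baseline whose recorded hash differs."""
    out = []
    for e in entries:
        if not e.path:
            continue
        expected = baseline.get(e.path.lower())
        if expected and expected.lower() != e.md5:
            out.append((e, expected.lower()))
    return out


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(ents)} entries parsed")
    for e in triage(ents):
        print("LOOK AT:", e)
    for h, names in shared_images(ents).items():
        print("shared image", h, "->", ", ".join(names))
    for e, exp in check_baseline(ents, BASELINE):
        print(f"HASH MISMATCH {e.path}: got {e.md5}, baseline {exp}")
```

On the real log the interesting output is the triage list, which for this scan is empty apart from the hash-less `vrtldskdrv` line; a populated baseline for the exact Windows build would be needed before the mismatch check says anything meaningful.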

cosinus 27.01.2012 14:01

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Rums 27.01.2012 14:41

Here is the result:

Combofix Logfile:
Code:

ComboFix 12-01-27.01 - Rums 27.01.2012  14:20:34.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8167.6188 [GMT 1:00]
Running from:: d:\downloads\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rums\ResourceReader.dll
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((  Files Created from 2011-12-27 to 2012-01-27  ))))))))))))))))))))))))))))))
.
.
2012-01-27 13:24 . 2012-01-27 13:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-27 13:24 . 2012-01-27 13:27        --------        d-----w-        c:\users\Rums\AppData\Local\temp
2012-01-26 15:14 . 2012-01-26 15:14        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-26 15:14 . 2012-01-26 15:14        --------        d-----w-        c:\program files\Java
2012-01-26 15:07 . 2012-01-26 15:07        --------        d-----w-        c:\users\Rums\AppData\Local\Secunia PSI
2012-01-26 15:07 . 2012-01-26 15:07        --------        d-----w-        c:\program files (x86)\Secunia
2012-01-26 06:17 . 2012-01-26 06:17        --------        d-----w-        c:\users\Rums\AppData\Roaming\Malwarebytes
2012-01-25 17:57 . 2012-01-25 20:56        --------        d-----w-        c:\windows\Microsoft Antimalware
2012-01-25 17:57 . 2012-01-25 17:57        --------        d-----w-        c:\windows\Windows Defender Offline
2012-01-25 15:58 . 2012-01-25 15:58        --------        d-----w-        c:\users\Chef\AppData\Roaming\Malwarebytes
2012-01-25 15:58 . 2012-01-25 15:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 15:58 . 2012-01-25 15:58        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-25 15:58 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-24 14:59 . 2012-01-24 14:59        --------        d-----w-        c:\users\Chef\AppData\Roaming\QuickScan
2012-01-23 15:01 . 2012-01-23 15:01        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-23 15:01 . 2012-01-23 15:01        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-23 15:01 . 2012-01-23 15:01        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-23 15:01 . 2012-01-23 15:01        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-13 15:01 . 2012-01-13 15:01        --------        d-----w-        c:\users\Chef\AppData\Roaming\inkscape
2012-01-13 13:04 . 2012-01-13 14:56        --------        d-----w-        c:\users\Chef\.jajuk
2012-01-13 12:49 . 2012-01-13 13:02        --------        d-----w-        c:\program files\Jajuk
2012-01-13 12:42 . 2012-01-13 12:42        --------        d-----w-        c:\users\Rums\AppData\Roaming\inkscape
2012-01-13 12:35 . 2012-01-13 12:41        --------        d-----w-        c:\program files (x86)\Inkscape
2012-01-13 10:25 . 2012-01-13 10:25        --------        d-----w-        c:\users\Rums\AppData\Local\ElevatedDiagnostics
2012-01-12 12:52 . 2012-01-12 12:52        --------        d-----w-        c:\users\Chef\AppData\Local\Telekom
2012-01-12 12:48 . 2012-01-12 12:48        --------        d-----w-        c:\users\Rums\AppData\Local\Telekom
2012-01-12 12:44 . 2010-05-15 14:55        216856        ----a-w-        c:\windows\SysWow64\CbFsNetRdr3.dll
2012-01-12 12:44 . 2010-05-15 14:55        187672        ----a-w-        c:\windows\system32\CbFsMntNtf3.dll
2012-01-12 12:44 . 2010-05-15 14:55        155416        ----a-w-        c:\windows\SysWow64\CbFsMntNtf3.dll
2012-01-12 12:44 . 2010-05-15 14:55        139032        ----a-w-        c:\windows\system32\CbFsNetRdr3.dll
2012-01-12 12:44 . 2010-05-15 14:55        318152        ----a-w-        c:\windows\system32\drivers\cbfs3.sys
2012-01-12 12:44 . 2011-11-23 12:02        308736        ----a-w-        c:\windows\system32\DTAG.Mediencenter.ShellExtension.dll
2012-01-12 12:44 . 2011-11-23 12:03        3897744        ----a-w-        c:\windows\system32\Mediencenter_Uninstall.exe
2012-01-12 12:44 . 2012-01-12 12:44        --------        d-----w-        c:\program files\Telekom
2012-01-11 13:58 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 13:58 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 13:58 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 13:58 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 13:58 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 13:58 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-11 13:58 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 13:58 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-01-10 08:12 . 2012-01-10 08:12        --------        d-----w-        C:\BDLOGS
2011-12-31 10:34 . 2011-12-31 10:34        --------        d-----w-        c:\users\Chef\AppData\Roaming\elsterformular
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 18:18 . 2011-12-12 18:18        4771184        ----a-w-        c:\windows\SysWow64\LxXtreme100.dll
2011-12-12 18:18 . 2011-12-12 18:18        104304        ----a-w-        c:\windows\SysWow64\LxUISettingsN100.dll
2011-12-12 18:18 . 2011-12-12 18:18        25968        ----a-w-        c:\windows\SysWow64\LxTPSW100.dll
2011-12-12 18:18 . 2011-12-12 18:18        1334640        ----a-w-        c:\windows\SysWow64\LxTool100.dll
2011-12-12 18:18 . 2011-12-12 18:18        63344        ----a-w-        c:\windows\SysWow64\LxPXTree100.dll
2011-12-12 18:18 . 2011-12-12 18:18        111472        ----a-w-        c:\windows\SysWow64\LxODBC100.dll
2011-12-12 18:18 . 2011-12-12 18:18        127344        ----a-w-        c:\windows\SysWow64\LxMail100.dll
2011-12-12 18:18 . 2011-12-12 18:18        200048        ----a-w-        c:\windows\SysWow64\LxDBAL100.dll
2011-12-12 18:18 . 2011-12-12 18:18        76656        ----a-w-        c:\windows\SysWow64\LxDAO100.dll
2011-12-12 18:18 . 2011-12-12 18:18        49520        ----a-w-        c:\windows\SysWow64\LXCurr100.dll
2011-12-12 18:18 . 2011-12-12 18:18        67952        ----a-w-        c:\windows\SysWow64\LxCI12.dll
2011-12-12 18:18 . 2011-12-12 18:18        193904        ----a-w-        c:\windows\SysWow64\LxBasics100.dll
2011-12-09 14:05 . 2011-12-09 14:05        230864        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2011-12-02 14:42 . 2011-10-21 13:40        685192        ----a-w-        c:\windows\system32\drivers\avc3.sys
2011-12-02 14:42 . 2011-09-01 09:15        543528        ----a-w-        c:\windows\system32\drivers\avckf.sys
2011-12-02 14:42 . 2011-07-15 14:12        258736        ----a-w-        c:\windows\system32\drivers\avchv.sys
2011-11-24 10:34 . 2011-11-24 10:34        28632        ----a-w-        c:\windows\SysWow64\drivers\virtualdisk.sys
2011-11-24 04:52 . 2011-12-14 16:57        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-23 16:01 . 2011-11-23 16:01        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:22 . 2011-11-23 10:49        8398848        ----a-w-        c:\users\Rums\PCPE_3.0.1.msi
2011-11-23 13:22 . 2011-11-23 10:49        8975736        ----a-w-        c:\users\Rums\PCPE Setup.exe
2011-11-23 13:22 . 2011-11-23 10:49        626688        ----a-w-        c:\users\Rums\msvcr80.dll
2011-11-23 13:22 . 2011-11-23 10:49        21880        ----a-w-        c:\users\Rums\grm_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        21880        ----a-w-        c:\users\Rums\fr_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        21368        ----a-w-        c:\users\Rums\pt_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        21368        ----a-w-        c:\users\Rums\it_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        21368        ----a-w-        c:\users\Rums\es_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        21368        ----a-w-        c:\users\Rums\en_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        20856        ----a-w-        c:\users\Rums\ru_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        20344        ----a-w-        c:\users\Rums\jp_res.dll
2011-11-23 13:22 . 2011-11-23 10:49        1079808        ----a-w-        c:\users\Rums\mfc80u.dll
2011-11-23 10:00 . 2011-11-23 10:00        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 10:00 . 2011-11-23 10:00        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2011-11-23 10:00 . 2011-11-23 10:00        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2011-11-23 10:00 . 2011-11-23 10:00        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 10:00 . 2011-11-23 10:00        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2011-11-23 10:00 . 2011-11-23 10:00        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2011-11-23 10:00 . 2011-11-23 10:00        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2011-11-23 10:00 . 2011-11-23 10:00        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-11-23 10:00 . 2011-11-23 10:00        367104        ----a-w-        c:\windows\SysWow64\html.iec
2011-11-23 10:00 . 2011-11-23 10:00        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2011-11-23 10:00 . 2011-11-23 10:00        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-11-23 10:00 . 2011-11-23 10:00        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2011-11-23 10:00 . 2011-11-23 10:00        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2011-11-23 10:00 . 2011-11-23 10:00        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2011-11-23 10:00 . 2011-11-23 10:00        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2011-11-23 10:00 . 2011-11-23 10:00        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 10:00 . 2011-11-23 10:00        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2011-11-23 10:00 . 2011-11-23 10:00        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 10:00 . 2011-11-23 10:00        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 10:00 . 2011-11-23 10:00        76800        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-23 10:00 . 2011-11-23 10:00        49664        ----a-w-        c:\windows\system32\imgutil.dll
2011-11-23 10:00 . 2011-11-23 10:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-11-23 10:00 . 2011-11-23 10:00        222208        ----a-w-        c:\windows\system32\msls31.dll
2011-11-23 10:00 . 2011-11-23 10:00        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-11-23 10:00 . 2011-11-23 10:00        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-11-23 10:00 . 2011-11-23 10:00        12288        ----a-w-        c:\windows\system32\mshta.exe
2011-11-23 10:00 . 2011-11-23 10:00        114176        ----a-w-        c:\windows\system32\admparse.dll
2011-11-23 10:00 . 2011-11-23 10:00        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2011-11-23 10:00 . 2011-11-23 10:00        448512        ----a-w-        c:\windows\system32\html.iec
2011-11-23 10:00 . 2011-11-23 10:00        85504        ----a-w-        c:\windows\system32\iesetup.dll
2011-11-23 10:00 . 2011-11-23 10:00        603648        ----a-w-        c:\windows\system32\vbscript.dll
2011-11-23 10:00 . 2011-11-23 10:00        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-23 10:00 . 2011-11-23 10:00        165888        ----a-w-        c:\windows\system32\iexpress.exe
2011-11-23 10:00 . 2011-11-23 10:00        160256        ----a-w-        c:\windows\system32\wextract.exe
2011-11-23 08:49 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-11-23 08:49 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-11-22 17:07 . 2011-03-28 17:36        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-22 16:42 . 2011-03-01 15:45        90192        ----a-w-        c:\windows\system32\drivers\bdfndisf6.sys
2011-11-22 07:53 . 2011-11-22 07:54        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-11-21 23:04 . 2011-11-21 23:04        416926        ----a-w-        c:\programdata\1321915346.bdinstall.bin
2011-11-10 03:45 . 2011-11-10 03:45        10567680        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:20 . 2011-11-10 03:20        25218048        ----a-w-        c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-05-25 03:07        774656        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2011-05-25 03:06        927232        ----a-w-        c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12        516608        ----a-w-        c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11        204288        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09        360448        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2011-11-10 03:06        6077952        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58        18996224        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2011-05-25 02:49        7405056        ----a-w-        c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2011-11-10 02:40        4061696        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34        13552640        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2011-05-25 02:39        5852672        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29        11300864        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2011-05-25 02:50        4200960        ----a-w-        c:\windows\SysWow64\atiumdva.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2011-09-12 688648]
R2 vrtldsksvc;Virtual Disk Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-22 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-22 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2011-11-23 12800]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2011-12-28 75384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-12-28 62512]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55        187672        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:02        308736        ----a-w-        c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2011-12-28 16:49        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2011-12-28 16:49        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2011-12-28 16:49        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2011-12-28 16:49        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-12-28 1063136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rums\AppData\Roaming\Mozilla\Firefox\Profiles\zae4ipwu.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-27  14:31:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-27 13:31
.
Vor Suchlauf: 12 Verzeichnis(se), 22.986.141.696 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 22.948.012.032 Bytes frei
.
- - End Of File - - EB199B7DFD635FD42728ADBF7DA765BB

--- --- ---

cosinus 27.01.2012 15:37

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instructions. Note: if the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

Rums 27.01.2012 15:57

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 15:50:40
-----------------------------
15:50:40.392    OS Version: Windows x64 6.1.7601 Service Pack 1
15:50:40.392    Number of processors: 4 586 0x102
15:50:40.392    ComputerName: Rums  UserName:
15:50:41.733    Initialize success
15:51:16.205    AVAST engine download error: 0
15:52:39.216    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
15:52:39.232    Disk 0 Vendor: AMD_____ 1.10 Size: 237464MB BusType: 8
15:52:39.247    Disk 0 MBR read successfully
15:52:39.247    Disk 0 MBR scan
15:52:39.247    Disk 0 Windows 7 default MBR code
15:52:39.263    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:52:39.263    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        61339 MB offset 206848
15:52:39.294    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      176023 MB offset 125829120
15:52:39.294    Service scanning
15:52:40.402    Modules scanning
15:52:40.402    Disk 0 trace - called modules:
15:52:40.417    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
15:52:40.433    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a53060]
15:52:40.433    3 CLASSPNP.SYS[fffff88001b5b43f] -> nt!IofCallDriver -> \Device\00000055[0xfffffa800787c9c0]
15:52:40.449    Scan finished successfully
15:53:43.172    Disk 0 MBR has been saved successfully to "C:\Users\Rums\Desktop\MBR.dat"
15:53:43.172    The log file has been saved successfully to "C:\Users\Rums\Desktop\aswMBR.txt"
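As an added example (not part of the thread, and not aswMBR's own code), a small Python triage of an aswMBR log in the format posted above: it pulls the MBR verdict, the partition table and the finish marker, and flags a non-default MBR code, an invalid boot flag, anything other than exactly one active partition, overlapping partitions, or a scan that did not finish. The sample log is a constructed excerpt modelled on the posted one, and the offset unit (512-byte sectors, 2048 per MB) is my assumption.

```python
import re

# Constructed excerpt in the aswMBR log format seen above (not the poster's full log).
SAMPLE_LOG = """\
15:52:39.247    Disk 0 MBR read successfully
15:52:39.247    Disk 0 Windows 7 default MBR code
15:52:39.263    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:52:39.263    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        61339 MB offset 206848
15:52:39.294    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      176023 MB offset 125829120
15:52:40.449    Scan finished successfully
"""

MBR_RE = re.compile(r"Disk (\d+) (.+ MBR code)$")
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s+.+?\s+(\d+) MB offset (\d+)$"
)
SECTORS_PER_MB = 2048  # assumption: "offset" is in 512-byte sectors


def triage_aswmbr(log_text):
    """Summarise MBR verdict, partition table and finish marker; collect warnings."""
    result = {"mbr_code": None, "partitions": [], "finished": False, "warnings": []}
    for line in log_text.splitlines():
        # Drop the leading "HH:MM:SS.mmm" timestamp when present.
        body = (line.split(None, 1)[1] if line[:2].isdigit() and " " in line else line).strip()
        if m := MBR_RE.search(body):
            result["mbr_code"] = m.group(2)
            if "default MBR code" not in m.group(2):
                result["warnings"].append("non-default MBR code: " + m.group(2))
        elif m := PART_RE.search(body):
            boot, ptype, size_mb, offset = m.group(3), m.group(4), int(m.group(5)), int(m.group(6))
            if boot not in ("80", "00"):
                result["warnings"].append(f"partition {m.group(2)}: invalid boot flag {boot}")
            result["partitions"].append({"index": int(m.group(2)), "active": boot == "80",
                                         "type": ptype, "size_mb": size_mb, "offset": offset})
        elif body == "Scan finished successfully":
            result["finished"] = True
    parts = result["partitions"]
    if sum(p["active"] for p in parts) != 1:
        result["warnings"].append("expected exactly one active partition")
    for prev, nxt in zip(parts, parts[1:]):  # entries are listed in disk order
        if nxt["offset"] < prev["offset"] + prev["size_mb"] * SECTORS_PER_MB:
            result["warnings"].append(f"partitions {prev['index']} and {nxt['index']} overlap")
    if not result["finished"]:
        result["warnings"].append("scan did not finish successfully")
    return result
```

Running `triage_aswmbr` over the posted log yields the default Windows 7 MBR verdict, three contiguous NTFS partitions with exactly one active, and no warnings, which matches what the helper would expect before asking for anything further.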



Copyright ©2000-2025, Trojaner-Board