
Pests of all kinds and how to fight them: Your computer is locked, GVU, Safe Mode does not start


14.01.2013, 17:11   #1
nyrt
 

Good day,

I have already read other threads carefully and, combined with my own abilities (reading and applying), tried to solve my "GVU Your PC is locked" problem. In vain.

After booting, my infected desktop PC shows the well-known problem screen. Starting the computer in Safe Mode does not work. It does load, but as soon as the password entry screen appears it simply shuts down after 10 seconds, and that in all three Safe Mode options.

My desktop PC has W7, 32 bit. My helper PC likewise (no CD drive).

I also had trouble with bootable USB sticks. I read that W7 doesn't like making OTLPE bootable. Before I completely wreck my computer, I'd rather turn to a helpful person with the right software ideas. Partially copying solutions and applying them to your own problem is strongly discouraged in several places.

Could a Kaspersky WindowsUnlocker method help in my case?

Many thanks in advance,
nyrt

Wait a second!

Just found yesterday's thread. Its title matches my problem. I'll see if I can manage the OTL files!

14.01.2013, 18:46   #2
markusg
/// Malware-holic
 

hi
Create an OTLPE CD using a clean second computer and then boot the infected computer from that CD:

If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLpe: Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and with a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installation on the hard disk; simply selecting C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no Internet connection on that system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

15.01.2013, 10:01   #3
nyrt
 

Morning,

thanks a lot for the help.

Boot CD created. It worked. Running OTLPE. The question "Do you wish to load the remote registry" doesn't appear for me. Instead I'm asked to select the Windows folder, and right after that comes the question about "remote user profiles for scanning".

Also, only the OTL.txt file is created. I read that an Extras.txt file should also be created.

here's the otl.txt

OTL Logfile:
Code:
OTL logfile created on: 1/15/2013 10:33:47 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 19.53 Gb Total Space | 19.44 Gb Free Space | 99.50% Space Free | Partition Type: NTFS
Drive D: | 75.13 Gb Total Space | 38.56 Gb Free Space | 51.32% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 16.33 Gb Free Space | 83.59% Space Free | Partition Type: NTFS
Drive F: | 175.78 Gb Total Space | 55.77 Gb Free Space | 31.73% Space Free | Partition Type: NTFS
Drive G: | 175.78 Gb Total Space | 63.88 Gb Free Space | 36.34% Space Free | Partition Type: NTFS
Drive H: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1.85 Gb Total Space | 1.85 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (mitsijm2012)
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - File not found [Auto] --  -- (AntiVirSchedulerService)
SRV - [2013/01/14 07:30:24 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe -- (Winmgmt)
SRV - [2013/01/04 12:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/09/02 07:51:55 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/11 12:19:02 | 000,217,600 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/05/03 10:53:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/05/18 05:24:32 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/12/19 18:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- D:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/01/14 07:49:48 | 000,022,328 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2013/01/14 05:52:10 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2013/01/14 05:52:09 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/12/11 16:17:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 16:17:18 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 06:10:04 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/09/12 06:36:37 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012/08/27 08:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/11 13:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/06/11 11:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/11 00:34:08 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/05/11 00:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/04/25 04:27:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/25 04:23:55 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/23 07:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/02/09 15:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/09 10:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/05/18 05:12:08 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/23 06:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/13 17:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2008/11/16 11:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/19 18:04:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/12/19 18:04:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 A8 6A 68 00 23 CD 01  [binary data]
IE - HKU\Step_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
 
 
[2013/01/13 11:29:40 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2012/05/03 06:29:15 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKU\Step_ON_D\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] D:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Step_ON_D..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/24 00:43:12 | 000,000,224 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {073FDCA0-1998-DE8E-CBBA-A70AE1307521} - Internet Explorer
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {359FC3CE-4E8E-D845-B1F9-D9B7EC21549A} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8AAE06DA-3D1A-259A-2797-581B55E39372} - Microsoft Windows Media Player
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {95407D9E-38E3-2BB1-45A5-7F14749AE4A5} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CFCCD20E-4D39-9933-4272-F61C02830A9C} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - D:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - D:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/14 07:38:41 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2013/01/14 06:29:35 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Anno 1404
[2013/01/14 05:54:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Ubisoft
[2013/01/14 05:53:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Tages
[2013/01/14 04:41:22 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Amazon Downloader Logs
[2013/01/13 11:48:02 | 000,000,000 | ---D | C] -- D:\Windows\symbols
[2013/01/13 11:48:00 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Merge Modules
[2013/01/13 11:29:55 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\SpecialSavings
[2013/01/13 11:29:52 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService
[2013/01/13 11:29:51 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/01/13 11:29:47 | 000,000,000 | ---D | C] -- D:\Program Files\File Scout
[2013/01/13 11:29:44 | 000,000,000 | ---D | C] -- D:\ProgramData\BrowserProtect
[2013/01/13 11:29:40 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2013/01/13 11:28:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\Wajam
[2013/01/13 11:28:09 | 002,719,736 | ---- | C] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe
[2013/01/10 14:15:57 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server
[2013/01/10 14:13:23 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Visual Studio 2010
[2013/01/10 14:13:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SDKs
[2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Help Viewer
[2013/01/10 13:59:05 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- D:\Windows\System32\drivers\teamviewervpn.sys
[2013/01/10 13:57:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01
[2013/01/10 11:00:03 | 000,000,000 | ---D | C] -- D:\Users\Step\Desktop\Master
[2013/01/10 10:02:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll
[2013/01/10 10:02:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll
[2013/01/10 10:02:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dcsx_43.dll
[2013/01/10 10:02:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_7.dll
[2013/01/10 10:02:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_43.dll
[2013/01/10 10:02:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx11_43.dll
[2013/01/10 10:02:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_7.dll
[2013/01/10 10:02:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_5.dll
[2012/12/20 10:57:57 | 000,000,000 | RH-D | C] -- D:\MSOCache
[2012/12/20 10:52:53 | 000,000,000 | --SD | C] -- D:\Users\Step\Documents\Meine Shapes
[2012/12/20 10:50:22 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Analysis Services
[2012/12/20 08:48:05 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\e-academy Inc
[2012/12/19 04:45:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/14 11:45:10 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 11:44:47 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 11:44:47 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 11:39:44 | 000,000,500 | ---- | M] () -- D:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/01/14 11:38:44 | 095,023,320 | ---- | M] () -- D:\ProgramData\RWvESYd.pad
[2013/01/14 11:38:13 | 000,000,878 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/14 11:37:09 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/01/14 11:36:53 | 2616,496,128 | -HS- | M] () -- D:\hiberfil.sys
[2013/01/14 07:50:35 | 000,103,736 | ---- | M] () -- D:\Windows\System32\PnkBstrB.ex0
[2013/01/14 07:49:48 | 000,022,328 | ---- | M] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2013/01/14 07:30:27 | 000,003,174 | ---- | M] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:03:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 06:54:42 | 000,281,768 | ---- | M] () -- D:\Windows\System32\PnkBstrB.xtr
[2013/01/14 05:52:49 | 000,000,348 | ---- | M] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk
[2013/01/14 05:52:13 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/01/14 05:52:10 | 000,281,760 | ---- | M] () -- D:\Windows\System32\drivers\atksgt.sys
[2013/01/14 05:52:09 | 000,025,888 | ---- | M] () -- D:\Windows\System32\drivers\lirsgt.sys
[2013/01/14 04:09:24 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/01/14 04:09:24 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/01/14 04:09:24 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/01/14 04:09:24 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/01/13 11:49:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/01/13 11:28:19 | 000,621,888 | ---- | M] () -- D:\Users\Step\Desktop\bundleSetup.exe
[2013/01/13 11:28:12 | 002,719,736 | ---- | M] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe
[2013/01/10 14:18:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013
[2013/01/10 13:58:37 | 000,001,143 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2013/01/10 13:57:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01
[2013/01/10 10:17:34 | 000,000,205 | ---- | M] () -- D:\Users\Step\Desktop\Saints Row The Third.url
[2013/01/10 10:04:00 | 000,001,055 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/10 10:03:43 | 000,001,021 | ---- | M] () -- D:\Users\Step\Desktop\Dropbox.lnk
[2013/01/10 08:07:29 | 000,434,952 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/12/20 10:55:11 | 000,015,360 | ---- | M] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd
[2012/12/20 10:51:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/20 10:37:49 | 000,003,133 | ---- | M] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk
[2012/12/19 04:45:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/14 07:30:27 | 000,003,174 | ---- | C] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
[2013/01/14 05:52:49 | 000,000,348 | ---- | C] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk
[2013/01/14 05:52:10 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2013/01/14 05:52:09 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys
[2013/01/13 11:28:09 | 000,621,888 | ---- | C] () -- D:\Users\Step\Desktop\bundleSetup.exe
[2013/01/10 10:17:34 | 000,000,205 | ---- | C] () -- D:\Users\Step\Desktop\Saints Row The Third.url
[2012/12/20 10:52:50 | 000,015,360 | ---- | C] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd
[2012/12/20 08:46:56 | 000,003,133 | ---- | C] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk
[2012/10/20 09:55:26 | 000,000,044 | ---- | C] () -- D:\Users\Step\AppData\Local\EnergyViewer.cfg
[2012/08/01 13:21:17 | 000,000,051 | ---- | C] () -- D:\ProgramData\flnpcwngpuvkodn
[2012/07/30 10:44:55 | 000,000,000 | ---- | C] () -- D:\ProgramData\0x0304A000.sfl
[2012/06/11 11:41:48 | 000,204,952 | ---- | C] () -- D:\Windows\System32\ativvsvl.dat
[2012/06/11 11:41:48 | 000,157,144 | ---- | C] () -- D:\Windows\System32\ativvsva.dat
[2012/06/11 06:50:42 | 000,159,232 | ---- | C] () -- D:\Windows\System32\clinfo.exe
[2012/06/04 04:12:53 | 000,065,536 | ---- | C] () -- D:\Windows\System32\HPPLVS.dll
[2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Users\Step\AppData\Roaming\PnkBstrK.sys
[2012/05/14 05:54:42 | 000,103,736 | ---- | C] () -- D:\Windows\System32\PnkBstrB.exe
[2012/05/14 05:54:39 | 000,076,888 | ---- | C] () -- D:\Windows\System32\PnkBstrA.exe
[2012/05/14 05:54:38 | 000,000,286 | ---- | C] () -- D:\Windows\game.ini
[2012/05/14 04:10:37 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012/05/14 04:07:55 | 000,003,917 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012/05/10 09:35:16 | 000,029,184 | ---- | C] () -- D:\Windows\System32\kdbsdk32.dll
[2012/05/07 13:28:00 | 000,000,017 | ---- | C] () -- D:\Users\Step\AppData\Local\resmon.resmoncfg
[2012/05/03 03:38:13 | 000,000,028 | ---- | C] () -- D:\Windows\sbinetpro.ini
[2012/05/03 03:38:13 | 000,000,026 | ---- | C] () -- D:\Windows\skat24pro.ini
[2012/04/12 14:30:10 | 000,637,743 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2012/02/29 06:26:56 | 000,416,064 | ---- | C] () -- D:\Windows\System32\nvStreaming.exe
[2011/04/11 20:30:05 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2010/06/18 06:40:28 | 000,180,224 | ---- | C] () -- D:\Windows\System32\hpputoar.dll
[2010/04/09 15:08:26 | 000,094,208 | ---- | C] () -- D:\Windows\System32\zmbv.dll
[2010/03/23 06:26:48 | 000,201,512 | ---- | C] () -- D:\Windows\System32\vpnapi.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,434,952 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,651,938 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,120,870 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat
[2008/02/07 03:05:18 | 000,163,840 | ---- | C] () -- D:\Windows\System32\hppatusg01.dll
[2007/12/19 18:04:00 | 000,097,360 | ---- | C] () -- D:\Windows\System32\drivers\Fwusb1b.bin
[2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2012/10/03 07:58:55 | 000,000,000 | ---D | M] -- D:\ProgramData\8618834A8B5E071A007686180D3A0E34
[2012/07/09 02:57:22 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/02 08:52:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2012/05/03 10:50:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/01/13 11:29:44 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect
[2012/04/25 12:57:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco
[2012/08/21 09:37:14 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2012/04/25 04:30:09 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/11/09 10:28:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Dynasim
[2012/07/06 15:32:15 | 000,000,000 | ---D | M] -- D:\ProgramData\elsterformular
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/01/13 11:29:52 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2012/10/20 09:56:00 | 000,000,000 | ---D | M] -- D:\ProgramData\ITI GmbH
[2012/12/10 18:20:44 | 000,000,000 | ---D | M] -- D:\ProgramData\OriginLab
[2012/04/24 13:12:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Panda Security
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2013/01/14 05:54:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Tages
[2012/05/14 06:39:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/05/04 10:56:12 | 000,000,000 | ---D | M] -- D:\ProgramData\TLK-Thermo GmbH
[2012/08/21 09:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/08/02 01:58:31 | 000,000,000 | ---D | M] -- D:\ProgramData\ytryjrpbxdmjtcf
[2012/08/21 09:37:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/10/18 09:20:00 | 000,000,000 | -H-D | M] -- D:\ProgramData\{FFCC117F-633D-49E2-9279-CBF58ED15A69}
[2013/01/14 11:39:44 | 000,000,500 | ---- | M] () -- D:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012/12/02 17:03:32 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/10/03 07:55:57 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/07/09 02:53:31 | 000,000,000 | ---D | M] -- D:\AMD
[2013/01/14 07:51:49 | 000,000,000 | -HSD | M] -- D:\Config.Msi
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2012/06/04 04:12:31 | 000,000,000 | ---D | M] -- D:\hp_P1000_P1500_Full_Solution
[2012/09/02 07:44:41 | 000,000,000 | ---D | M] -- D:\MITSI 2012 Temporary Files
[2012/12/20 10:57:57 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2012/05/10 14:01:28 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2013/01/14 07:39:34 | 000,000,000 | R--D | M] -- D:\Program Files
[2013/01/14 07:30:27 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Programme
[2012/04/24 11:59:39 | 000,000,000 | -HSD | M] -- D:\Recovery
[2013/01/14 11:05:13 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2012/05/12 09:12:18 | 000,000,000 | R--D | M] -- D:\Users
[2013/01/13 11:48:02 | 000,000,000 | ---D | M] -- D:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\System32\netlogon.dll
[2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 16:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 16:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 16:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\System32\scecli.dll
[2010/11/20 16:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Windows\System32\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 16:29:08 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\system32\fontext.dll
[2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---


Kind regards,
nyrt
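As an added illustration, not part of this thread and not code from OTL or its author: the helper below reads OTL log lines in the format posted above (file entries of the form `[timestamp | size | attributes | M/C] (company) -- path`, plus `SRV -`/`DRV -` service entries and "File not found" service lines) and pulls out the entries a helper would look at first in a lock-screen cleanup: autostart .lnk files, random-looking names dropped directly into ProgramData or a user Temp folder, a service whose binary runs from Temp or is missing, a service with no version-info company under ProgramData, and a Winmgmt service that is not hosted from the expected wbem\WMIsvc.dll. The sample lines, the scan time and the known-good Winmgmt location are constructed or assumed for the example; the heuristics are deliberately crude and give you a review list, not a verdict.

```python
"""Triage helper for OTL / OTLPE log lines (added example, not part of OTL)."""
import re
from datetime import datetime

# One OTL file entry:
#   [2013/01/14 07:30:27 | 000,003,174 | ---- | C] () -- D:\ProgramData\RWvESYd.js
# Directory entries carry no "(company)" field:
#   [2012/08/02 01:58:31 | 000,000,000 | ---D | M] -- D:\ProgramData\ytryjrpbxdmjtcf
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| (?P<flag>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# One service / driver entry (the company field may itself contain parentheses):
#   SRV - [ts | size | attr | M] (Company) [Auto] -- D:\path\svc.exe -- (Name) optional text
SRV_RE = re.compile(
    r"^(?P<type>SRV|DRV) - \[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-RHSD]{4} \| [MC]\] "
    r"\((?P<company>.*?)\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\).*$"
)
# Service whose binary OTL could not find:
#   SRV - File not found [Auto] --  -- (AntiVirService)
MISSING_RE = re.compile(
    r"^(?P<type>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- .*? -- \((?P<name>[^)]+)\)$"
)

# Known-good host DLL for a service that lock-screen malware likes to hijack
# (assumption based on Windows 7 defaults: Winmgmt runs in svchost via wbem\WMIsvc.dll).
EXPECTED_SERVICE_DLL = {"winmgmt": "\\system32\\wbem\\wmisvc.dll"}

VOWELS = set("aeiou")


def looks_random(name):
    """Crude DGA-style check: alphabetic stem of >= 6 chars with under 20% vowels."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(ch in VOWELS for ch in stem.lower()) / len(stem) < 0.2


def parse_line(line):
    """Return a dict describing one OTL line, or None for lines this helper does not model."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return {"kind": "missing", **m.groupdict()}
    m = SRV_RE.match(line)
    if m:
        return {"kind": "service", **m.groupdict()}
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        d["company"] = d["company"] or ""
        return {"kind": "file", **d}
    return None


def triage(lines, scan_date, recent_days=7):
    """Return [(label, [reasons])] for entries worth a second look, in input order."""
    findings = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = []
        if entry["kind"] == "missing":
            label = entry["name"]
            reasons.append("%s set to %s but its binary is missing" % (entry["type"], entry["start"]))
        elif entry["kind"] == "service":
            label = entry["path"]
            low = label.lower()
            if "\\temp\\" in low:
                reasons.append("service binary runs from a Temp directory")
            if not entry["company"] and "\\programdata\\" in low:
                reasons.append("no version-info company and lives under ProgramData")
            expected = EXPECTED_SERVICE_DLL.get(entry["name"].lower())
            if expected and expected not in low:
                reasons.append("%s should be hosted from %s" % (entry["name"], expected))
        else:
            label = entry["path"]
            low = label.lower()
            parts = low.split("\\")
            name = label.rsplit("\\", 1)[-1]
            is_dir = entry["attr"].endswith("D")
            in_startup = "\\start menu\\programs\\startup\\" in low
            in_temp = "\\appdata\\local\\temp\\" in low
            in_pd_root = len(parts) == 3 and parts[1] == "programdata"
            if in_startup and not is_dir:
                reasons.append("autostart entry in a Startup folder")
            if in_temp and name.lower().endswith((".exe", ".dll", ".scr")):
                reasons.append("executable in a user Temp directory")
            if (in_startup or in_temp or in_pd_root) and looks_random(name):
                reasons.append("random-looking name %r" % name)
            if reasons:  # only date-qualify entries that are already suspicious
                ts = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
                if 0 <= (scan_date - ts).days <= recent_days:
                    reasons.append("timestamp within %d days of the scan" % recent_days)
        if reasons:
            findings.append((label, reasons))
    return findings


# Constructed sample: a few lines in the format of the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2013/01/14 07:30:27 | 000,003,174 | ---- | C] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
[2013/01/10 10:04:00 | 000,001,055 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/14 05:52:10 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2012/08/02 01:58:31 | 000,000,000 | ---D | M] -- D:\ProgramData\ytryjrpbxdmjtcf
[2012/07/09 02:57:22 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - [2013/01/14 07:30:24 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe -- (Winmgmt)
SRV - [2013/01/04 12:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
DRV - [2012/05/11 00:34:08 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
"""
SCAN_DATE = datetime(2013, 1, 14, 12, 0, 0)  # assumed scan time for the sample


def run_sample():
    """Triage the constructed sample and return {label: reasons}."""
    return dict(triage(SAMPLE_LOG.splitlines(), SCAN_DATE))


if __name__ == "__main__":
    for label, reasons in run_sample().items():
        print(label)
        for reason in reasons:
            print("   -", reason)
```

Feed it a whole OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"), scan_date)`; the legitimate-but-flagged entries (a Dropbox autostart shortcut, for instance) are exactly why the output is a list for a human and not a fix script.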

Alt 15.01.2013, 19:16   #4
markusg
/// Malware-holic
 
hi
on your second PC go to Start, Programs, Accessories, Notepad, and paste this
into it:
Code:
ATTFilter
:OTL
[2013/01/14 07:30:27 | 000,003,174 | ---- | M] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


save this to a USB stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now click the Fix button.
a message similar to "load fix from file" should now appear, so load the fix.txt from your stick.
if that does not work, please enter the fix manually.
then click the fix button again. the PC may restart. if it does, take the CD out of the drive; windows should now start normally and open otl.txt,
please post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 16.01.2013, 08:04   #5
nyrt
 
all done.

The PC did not restart. After the FIX, this file named 01162013_084112 opened

Code:
ATTFilter
========== OTL ==========
D:\ProgramData\RWvESYd.js moved successfully.
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
D:\ProgramData\RWvESYd.pad moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Step
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Step
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460256 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254503705 bytes
 
Total Files Cleaned = 244.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01162013_084112
         
I then shut the PC down by hand, since it did not restart on its own. While doing so it hung, though. No reaction even after 20 minutes. It hung at the final OK click to shut down. I had set it to Restart. The mouse could still be moved, but otherwise it did nothing. The tower made no sounds any more either. I then restarted it by hand.

It now boots up completely. However, the message "Server is busy. This action cannot be completed because the other application is busy. Click Switch To to switch to the other application and fix the problem." now appears.

A click on Computer (Arbeitsplatz) makes the message disappear.

Many thanks and kind regards,
nyrt


Alt 16.01.2013, 17:41   #6
markusg
/// Malware-holic
 
ok, let's look further.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, choose skip for now and post the log
open c:, open tdsskiller-date-version.txt, post the contents

Alt 16.01.2013, 18:23   #7
nyrt
 
program run. The scan had finished. It had found 4 things. And suddenly the "Your computer is locked" screen came back before I could save the log.

Alt 16.01.2013, 18:26   #8
markusg
/// Malware-holic
 
Hi
please do not use illegal streaming sites like kinox.to, otherwise you will keep catching this again and again; no porn sites either, those are dangerous corners of the net too :-)
post a new otl log

Alt 16.01.2013, 18:31   #9
nyrt
 
ok, starting again from step 1.

here is the OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 1/16/2013 7:39:02 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 19.53 Gb Total Space | 19.44 Gb Free Space | 99.50% Space Free | Partition Type: NTFS
Drive D: | 75.13 Gb Total Space | 38.69 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 16.33 Gb Free Space | 83.59% Space Free | Partition Type: NTFS
Drive F: | 175.78 Gb Total Space | 55.77 Gb Free Space | 31.73% Space Free | Partition Type: NTFS
Drive G: | 1.85 Gb Total Space | 1.85 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
Drive H: | 175.78 Gb Total Space | 63.88 Gb Free Space | 36.34% Space Free | Partition Type: NTFS
Drive I: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (mitsijm2012)
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - File not found [Auto] --  -- (AntiVirSchedulerService)
SRV - [2013/01/14 07:30:24 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe -- (Winmgmt)
SRV - [2013/01/04 12:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/09/02 07:51:55 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/11 12:19:02 | 000,217,600 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/05/03 10:53:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/05/18 05:24:32 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/12/19 18:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- D:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/01/14 05:52:10 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2013/01/14 05:52:09 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/12/11 16:17:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 16:17:18 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 06:10:04 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/09/12 06:36:37 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012/08/27 08:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/11 13:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/06/11 11:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/05/11 00:34:08 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/05/11 00:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/04/25 04:27:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/25 04:23:55 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/23 07:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/02/09 15:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/09 10:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/05/18 05:12:08 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/23 06:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/13 17:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2008/11/16 11:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/19 18:04:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/12/19 18:04:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 A8 6A 68 00 23 CD 01  [binary data]
IE - HKU\Step_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
 
 
[2013/01/13 11:29:40 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2012/05/03 06:29:15 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKU\Step_ON_D\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] D:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Step_ON_D..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/24 00:43:12 | 000,000,224 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {073FDCA0-1998-DE8E-CBBA-A70AE1307521} - Internet Explorer
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {359FC3CE-4E8E-D845-B1F9-D9B7EC21549A} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8AAE06DA-3D1A-259A-2797-581B55E39372} - Microsoft Windows Media Player
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {95407D9E-38E3-2BB1-45A5-7F14749AE4A5} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CFCCD20E-4D39-9933-4272-F61C02830A9C} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - D:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - D:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/16 08:41:13 | 000,000,000 | ---D | C] -- D:\_OTL
[2013/01/14 07:38:41 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2013/01/14 06:29:35 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Anno 1404
[2013/01/14 05:54:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Ubisoft
[2013/01/14 05:53:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Tages
[2013/01/14 04:41:22 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Amazon Downloader Logs
[2013/01/13 11:48:02 | 000,000,000 | ---D | C] -- D:\Windows\symbols
[2013/01/13 11:48:00 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Merge Modules
[2013/01/13 11:29:55 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\SpecialSavings
[2013/01/13 11:29:52 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService
[2013/01/13 11:29:51 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/01/13 11:29:47 | 000,000,000 | ---D | C] -- D:\Program Files\File Scout
[2013/01/13 11:29:44 | 000,000,000 | ---D | C] -- D:\ProgramData\BrowserProtect
[2013/01/13 11:29:40 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2013/01/13 11:28:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\Wajam
[2013/01/13 11:28:09 | 002,719,736 | ---- | C] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe
[2013/01/10 14:15:57 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server
[2013/01/10 14:13:23 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Visual Studio 2010
[2013/01/10 14:13:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SDKs
[2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Help Viewer
[2013/01/10 13:59:05 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- D:\Windows\System32\drivers\teamviewervpn.sys
[2013/01/10 13:57:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01
[2013/01/10 11:00:03 | 000,000,000 | ---D | C] -- D:\Users\Step\Desktop\Master
[2013/01/10 10:02:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll
[2013/01/10 10:02:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll
[2013/01/10 10:02:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dcsx_43.dll
[2013/01/10 10:02:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_7.dll
[2013/01/10 10:02:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_43.dll
[2013/01/10 10:02:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx11_43.dll
[2013/01/10 10:02:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_7.dll
[2013/01/10 10:02:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_5.dll
[2012/12/20 10:57:57 | 000,000,000 | RH-D | C] -- D:\MSOCache
[2012/12/20 10:52:53 | 000,000,000 | --SD | C] -- D:\Users\Step\Documents\Meine Shapes
[2012/12/20 10:50:22 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Analysis Services
[2012/12/20 08:48:05 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\e-academy Inc
[2012/12/19 04:45:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/16 13:28:07 | 095,023,320 | ---- | M] () -- D:\ProgramData\rwvesyd.pad
[2013/01/16 13:24:48 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 13:24:48 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 13:18:36 | 000,000,500 | ---- | M] () -- D:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/01/16 13:17:38 | 000,000,878 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 13:17:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/01/16 13:17:06 | 2616,496,128 | -HS- | M] () -- D:\hiberfil.sys
[2013/01/16 03:03:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 02:50:26 | 000,003,184 | ---- | M] () -- D:\ProgramData\rwvesyd.js
[2013/01/16 02:50:26 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 11:45:10 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 07:50:35 | 000,103,736 | ---- | M] () -- D:\Windows\System32\PnkBstrB.ex0
[2013/01/14 07:49:48 | 000,022,328 | ---- | M] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2013/01/14 06:54:42 | 000,281,768 | ---- | M] () -- D:\Windows\System32\PnkBstrB.xtr
[2013/01/14 05:52:49 | 000,000,348 | ---- | M] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk
[2013/01/14 05:52:13 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/01/14 05:52:10 | 000,281,760 | ---- | M] () -- D:\Windows\System32\drivers\atksgt.sys
[2013/01/14 05:52:09 | 000,025,888 | ---- | M] () -- D:\Windows\System32\drivers\lirsgt.sys
[2013/01/14 04:09:24 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/01/14 04:09:24 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/01/14 04:09:24 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/01/14 04:09:24 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/01/13 11:49:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/01/13 11:28:19 | 000,621,888 | ---- | M] () -- D:\Users\Step\Desktop\bundleSetup.exe
[2013/01/13 11:28:12 | 002,719,736 | ---- | M] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe
[2013/01/10 14:18:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013
[2013/01/10 13:58:37 | 000,001,143 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2013/01/10 13:57:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01
[2013/01/10 10:17:34 | 000,000,205 | ---- | M] () -- D:\Users\Step\Desktop\Saints Row The Third.url
[2013/01/10 10:04:00 | 000,001,055 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/10 10:03:43 | 000,001,021 | ---- | M] () -- D:\Users\Step\Desktop\Dropbox.lnk
[2013/01/10 08:07:29 | 000,434,952 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/12/20 10:55:11 | 000,015,360 | ---- | M] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd
[2012/12/20 10:51:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/20 10:37:49 | 000,003,133 | ---- | M] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk
[2012/12/19 04:45:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files Created - No Company Name ==========
 
[2013/01/16 02:50:26 | 000,003,184 | ---- | C] () -- D:\ProgramData\rwvesyd.js
[2013/01/16 02:50:26 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/16 02:49:58 | 095,023,320 | ---- | C] () -- D:\ProgramData\rwvesyd.pad
[2013/01/14 05:52:49 | 000,000,348 | ---- | C] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk
[2013/01/14 05:52:10 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2013/01/14 05:52:09 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys
[2013/01/13 11:28:09 | 000,621,888 | ---- | C] () -- D:\Users\Step\Desktop\bundleSetup.exe
[2013/01/10 10:17:34 | 000,000,205 | ---- | C] () -- D:\Users\Step\Desktop\Saints Row The Third.url
[2012/12/20 10:52:50 | 000,015,360 | ---- | C] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd
[2012/12/20 08:46:56 | 000,003,133 | ---- | C] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk
[2012/10/20 09:55:26 | 000,000,044 | ---- | C] () -- D:\Users\Step\AppData\Local\EnergyViewer.cfg
[2012/08/01 13:21:17 | 000,000,051 | ---- | C] () -- D:\ProgramData\flnpcwngpuvkodn
[2012/07/30 10:44:55 | 000,000,000 | ---- | C] () -- D:\ProgramData\0x0304A000.sfl
[2012/06/11 11:41:48 | 000,204,952 | ---- | C] () -- D:\Windows\System32\ativvsvl.dat
[2012/06/11 11:41:48 | 000,157,144 | ---- | C] () -- D:\Windows\System32\ativvsva.dat
[2012/06/11 06:50:42 | 000,159,232 | ---- | C] () -- D:\Windows\System32\clinfo.exe
[2012/06/04 04:12:53 | 000,065,536 | ---- | C] () -- D:\Windows\System32\HPPLVS.dll
[2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Users\Step\AppData\Roaming\PnkBstrK.sys
[2012/05/14 05:54:42 | 000,103,736 | ---- | C] () -- D:\Windows\System32\PnkBstrB.exe
[2012/05/14 05:54:39 | 000,076,888 | ---- | C] () -- D:\Windows\System32\PnkBstrA.exe
[2012/05/14 05:54:38 | 000,000,286 | ---- | C] () -- D:\Windows\game.ini
[2012/05/14 04:10:37 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012/05/14 04:07:55 | 000,003,917 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012/05/10 09:35:16 | 000,029,184 | ---- | C] () -- D:\Windows\System32\kdbsdk32.dll
[2012/05/07 13:28:00 | 000,000,017 | ---- | C] () -- D:\Users\Step\AppData\Local\resmon.resmoncfg
[2012/05/03 03:38:13 | 000,000,028 | ---- | C] () -- D:\Windows\sbinetpro.ini
[2012/05/03 03:38:13 | 000,000,026 | ---- | C] () -- D:\Windows\skat24pro.ini
[2012/04/12 14:30:10 | 000,637,743 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2012/02/29 06:26:56 | 000,416,064 | ---- | C] () -- D:\Windows\System32\nvStreaming.exe
[2011/04/11 20:30:05 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2010/06/18 06:40:28 | 000,180,224 | ---- | C] () -- D:\Windows\System32\hpputoar.dll
[2010/04/09 15:08:26 | 000,094,208 | ---- | C] () -- D:\Windows\System32\zmbv.dll
[2010/03/23 06:26:48 | 000,201,512 | ---- | C] () -- D:\Windows\System32\vpnapi.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,434,952 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,651,938 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,120,870 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat
[2008/02/07 03:05:18 | 000,163,840 | ---- | C] () -- D:\Windows\System32\hppatusg01.dll
[2007/12/19 18:04:00 | 000,097,360 | ---- | C] () -- D:\Windows\System32\drivers\Fwusb1b.bin
[2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2012/10/03 07:58:55 | 000,000,000 | ---D | M] -- D:\ProgramData\8618834A8B5E071A007686180D3A0E34
[2012/07/09 02:57:22 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/02 08:52:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2012/05/03 10:50:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/01/13 11:29:44 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect
[2012/04/25 12:57:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco
[2012/08/21 09:37:14 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2012/04/25 04:30:09 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/11/09 10:28:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Dynasim
[2012/07/06 15:32:15 | 000,000,000 | ---D | M] -- D:\ProgramData\elsterformular
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/01/13 11:29:52 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2012/10/20 09:56:00 | 000,000,000 | ---D | M] -- D:\ProgramData\ITI GmbH
[2012/12/10 18:20:44 | 000,000,000 | ---D | M] -- D:\ProgramData\OriginLab
[2012/04/24 13:12:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Panda Security
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2013/01/14 05:54:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Tages
[2012/05/14 06:39:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/05/04 10:56:12 | 000,000,000 | ---D | M] -- D:\ProgramData\TLK-Thermo GmbH
[2012/08/21 09:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/08/02 01:58:31 | 000,000,000 | ---D | M] -- D:\ProgramData\ytryjrpbxdmjtcf
[2012/08/21 09:37:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/10/18 09:20:00 | 000,000,000 | -H-D | M] -- D:\ProgramData\{FFCC117F-633D-49E2-9279-CBF58ED15A69}
[2013/01/16 13:18:36 | 000,000,500 | ---- | M] () -- D:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012/12/02 17:03:32 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/10/03 07:55:57 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/07/09 02:53:31 | 000,000,000 | ---D | M] -- D:\AMD
[2013/01/14 07:51:49 | 000,000,000 | -HSD | M] -- D:\Config.Msi
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2012/06/04 04:12:31 | 000,000,000 | ---D | M] -- D:\hp_P1000_P1500_Full_Solution
[2012/09/02 07:44:41 | 000,000,000 | ---D | M] -- D:\MITSI 2012 Temporary Files
[2012/12/20 10:57:57 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2012/05/10 14:01:28 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2013/01/14 07:39:34 | 000,000,000 | R--D | M] -- D:\Program Files
[2013/01/16 13:22:08 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Programme
[2012/04/24 11:59:39 | 000,000,000 | -HSD | M] -- D:\Recovery
[2013/01/14 11:05:13 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2012/05/12 09:12:18 | 000,000,000 | R--D | M] -- D:\Users
[2013/01/16 08:41:14 | 000,000,000 | ---D | M] -- D:\Windows
[2013/01/16 08:41:13 | 000,000,000 | ---D | M] -- D:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\System32\netlogon.dll
[2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 16:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 16:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 16:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\System32\scecli.dll
[2010/11/20 16:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Windows\System32\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- D:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 16:29:08 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\system32\fontext.dll
[2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---

[/code]
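The "< MD5 for: ... >" blocks above list every copy of a handful of boot-critical files (explorer.exe, userinit.exe, winlogon.exe, and so on) together with its MD5, so that a helper can spot a live copy in System32 whose hash no longer matches the copies Windows keeps in the component store (winsxs / DriverStore). The script below is an added example, not OTL's own code: it parses that listing format and flags live copies whose hash matches none of the store copies. The sample input is a constructed excerpt; the live userinit.exe hash of 31 zeros and a 1 is a placeholder that exists only to show what a mismatch looks like, not a real value.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of OTL's "< MD5 for: ... >" sections. The
# explorer.exe lines and the winsxs userinit.exe line mirror the log above; the
# live userinit.exe hash (31 zeros and a 1) is a CONSTRUCTED placeholder that
# exists only to show what a mismatch looks like.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: USERINIT.EXE  >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- D:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]}, one list per "< MD5 for: ... >" block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def is_store_copy(path):
    """Copies under winsxs or the DriverStore are the reference set."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def cross_check(sections):
    """Compare every live copy against the hashes of the store copies."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            if not store_hashes:
                status = "no-reference"      # nothing to compare against
            elif e["md5"] in store_hashes:
                status = "matches-store"     # identical to a stored component
            else:
                status = "MISMATCH"          # worth a closer look
            findings.append((name, e["path"], e["md5"], status))
    return findings


def suspicious(sections):
    """Only the live copies whose hash matches none of the store copies."""
    return [f for f in cross_check(sections) if f[3] == "MISMATCH"]


if __name__ == "__main__":
    for name, path, md5, status in cross_check(parse_md5_sections(SAMPLE_LOG)):
        print(f"{status:14} {name:14} {md5} {path}")
```

A mismatch is a lead, not a verdict: a live file can legitimately differ from every listed store copy after an update, so check the file's version and digital signature before treating it as patched by malware. A file that matches a store copy can still be the wrong version, which is why OTL prints the modification time and size next to each hash.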

Alt 16.01.2013, 21:47   #10
markusg
/// Malware-holic
 
hi
on your second pc go to start, programs, accessories, notepad, and copy this
into it:
Code:
ATTFilter
:OTL
[2013/01/16 02:50:26 | 000,003,184 | ---- | M] () -- D:\ProgramData\rwvesyd.js
[2013/01/16 02:50:26 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


save this on a usb stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the cd you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
a message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
if this does not work, please enter the fix manually.
then click the fix button again. the pc may restart. if so, take the cd out of the drive, windows should now start normally and open the otl.txt,
please post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 16.01.2013, 22:32   #11
nyrt
 
For some reason my infected machine would not read USB sticks under Reatogo. So I restarted once more. While shutting down it hung again. So I switched it off manually again. After that it recognised them again.

The fix was done after about a second. Here is the file that was created, named 01162013_232117:

Code:
ATTFilter
========== OTL ==========
D:\ProgramData\rwvesyd.js moved successfully.
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Step
-> No Temporary Internet Files cache folder defined!
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Step
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01162013_232117
         
Shutting down worked without hanging (this time "shut down" first, not "restart"). Took the CD out. Booted up. I answered the question about the start mode with "Start Windows normally". Avira reports a Security Alert "TR/Reveton.N.13". According to Avira it is in the application dYSEvWR.exe..........under C users step appdata local temp

No "server is busy" message.


once again many, many thanks for the help and time so far!

Regards,
nyrt

Alt 17.01.2013, 14:30   #12
markusg
/// Malware-holic
 
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose skip for now, post the log
open c:, open tdsskiller-date-version.txt, post the contents
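As an added example (not part of the thread and not TDSSKiller's own code), here is a small parser for the log format TDSSKiller writes, the same format as the log posted in the next reply. It records the Mode line (so a helper can confirm that SigCheck and TDLFS, i.e. the two boxes mentioned above, were actually enabled), pairs each service or driver with its MD5, path and verdict, and lists everything that is not plain "ok". The sample input is a constructed excerpt of lines taken from the log in this thread.

```python
import re

# Excerpt of lines in TDSSKiller's log format, copied from the log posted in
# this thread and cut down to a few services (a constructed sample, not a
# complete scan).
SAMPLE_LOG = r"""
16:58:56.0130 3268  Mode: Manual; SigCheck; TDLFS;
16:58:58.0844 3268  System memory - ok
16:59:03.0384 3268  [ B5AB073A8EAA0024DFE4D6E2F7AC2924 ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
16:59:03.0400 3268  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
16:59:03.0400 3268  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
16:59:03.0447 3268  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
16:59:03.0478 3268  avmeject ( UnsignedFile.Multi.Generic ) - warning
16:59:03.0478 3268  avmeject - detected UnsignedFile.Multi.Generic (1)
16:59:03.0525 3268  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:59:03.0603 3268  AxInstSV - ok
16:59:05.0646 3268  COMSysApp - ok
16:59:06.0598 3268  [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
16:59:06.0660 3268  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
16:59:06.0660 3268  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.ffff <pid>".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
MODE_RE = re.compile(PREFIX + r"Mode:\s*(?P<modes>.+?)\s*$")
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok\s*$")
WARN_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<sig>[^)]+?) \) - warning\s*$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)\s*$")


def _new():
    return {"md5": None, "path": None, "status": "unknown", "signature": None}


def parse_tdsskiller(text):
    """Return (enabled scan modes, {object name: record})."""
    modes = set()
    objects = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = MODE_RE.match(line)
        if m:
            modes = {x.strip() for x in m.group("modes").split(";") if x.strip()}
            continue
        m = FILE_RE.match(line)
        if m:                                   # hash + path line, precedes the verdict
            rec = objects.setdefault(m.group("name"), _new())
            rec["md5"] = m.group("md5").upper()
            rec["path"] = m.group("path")
            continue
        m = DETECT_RE.match(line)
        if m:
            rec = objects.setdefault(m.group("name"), _new())
            rec["status"] = "detected"
            rec["signature"] = m.group("sig")
            continue
        m = WARN_RE.match(line)
        if m:
            rec = objects.setdefault(m.group("name"), _new())
            if rec["status"] != "detected":     # "detected" outranks "warning"
                rec["status"] = "warning"
            rec["signature"] = m.group("sig")
            continue
        m = OK_RE.match(line)
        if m:
            objects.setdefault(m.group("name"), _new())["status"] = "ok"
    return modes, objects


def signature_check_enabled(modes):
    """True when the scan ran with "Verify driver digital signatures" ticked."""
    return "SigCheck" in modes


def triage(objects):
    """Everything that is not plain "ok", sorted by name for posting or review."""
    return sorted(
        (name, rec["status"], rec["signature"], rec["path"])
        for name, rec in objects.items()
        if rec["status"] != "ok"
    )


if __name__ == "__main__":
    modes, objs = parse_tdsskiller(SAMPLE_LOG)
    print("SigCheck on:", signature_check_enabled(modes), "| TDLFS on:", "TDLFS" in modes)
    for row in triage(objs):
        print(*row)
```

"UnsignedFile.Multi.Generic" only says that the file carries no valid digital signature; unsigned third-party drivers such as the AVM WLAN and Cisco VPN entries in this thread trigger it routinely, which is why the advice is to choose skip and post the log for a human to review rather than letting the tool act on them.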

Alt 17.01.2013, 16:03   #13
nyrt
 
here is the file from tdsskiller as described, with date, version etc.

4 more threats were found. they were all set to skip. are those saved separately somewhere?

Code:
ATTFilter
16:58:38.0174 2852  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:58:38.0190 2852  ============================================================
16:58:38.0190 2852  Current date / time: 2013/01/17 16:58:38.0190
16:58:38.0190 2852  SystemInfo:
16:58:38.0190 2852  
16:58:38.0190 2852  OS Version: 6.1.7601 ServicePack: 1.0
16:58:38.0190 2852  Product type: Workstation
16:58:38.0190 2852  ComputerName: STEP-PC
16:58:38.0190 2852  UserName: Step
16:58:38.0190 2852  Windows directory: C:\Windows
16:58:38.0190 2852  System windows directory: C:\Windows
16:58:38.0190 2852  Processor architecture: Intel x86
16:58:38.0190 2852  Number of processors: 2
16:58:38.0190 2852  Page size: 0x1000
16:58:38.0190 2852  Boot type: Normal boot
16:58:38.0190 2852  ============================================================
16:58:40.0468 2852  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:58:40.0468 2852  Drive \Device\Harddisk1\DR1 - Size: 0x77270000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:58:40.0468 2852  ============================================================
16:58:40.0468 2852  \Device\Harddisk0\DR0:
16:58:40.0468 2852  MBR partitions:
16:58:40.0468 2852  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
16:58:40.0468 2852  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x15F8CF22
16:58:40.0483 2852  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x9644211
16:58:40.0483 2852  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21CE2827, BlocksNum 0x2711637
16:58:40.0499 2852  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x243F3E9D, BlocksNum 0x15F8CEE3
16:58:40.0499 2852  \Device\Harddisk1\DR1:
16:58:40.0499 2852  MBR partitions:
16:58:40.0499 2852  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B9360
16:58:40.0499 2852  ============================================================
16:58:40.0530 2852  C: <-> \Device\Harddisk0\DR0\Partition3
16:58:40.0577 2852  D: <-> \Device\Harddisk0\DR0\Partition4
16:58:40.0608 2852  E: <-> \Device\Harddisk0\DR0\Partition5
16:58:40.0639 2852  F: <-> \Device\Harddisk0\DR0\Partition2
16:58:40.0639 2852  ============================================================
16:58:40.0639 2852  Initialize success
16:58:40.0639 2852  ============================================================
16:58:56.0130 3268  ============================================================
16:58:56.0130 3268  Scan started
16:58:56.0130 3268  Mode: Manual; SigCheck; TDLFS; 
16:58:56.0130 3268  ============================================================
16:58:58.0844 3268  ================ Scan system memory ========================
16:58:58.0844 3268  System memory - ok
16:58:58.0844 3268  ================ Scan services =============================
16:58:59.0047 3268  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:58:59.0219 3268  1394ohci - ok
16:58:59.0281 3268  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:58:59.0312 3268  ACPI - ok
16:58:59.0344 3268  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:58:59.0390 3268  AcpiPmi - ok
16:58:59.0453 3268  [ 8C729FF9B5C47730EA54E841E2D8B617 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
16:58:59.0515 3268  acsock - ok
16:58:59.0578 3268  [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:58:59.0609 3268  AdobeFlashPlayerUpdateSvc - ok
16:58:59.0656 3268  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:58:59.0687 3268  adp94xx - ok
16:58:59.0718 3268  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:58:59.0765 3268  adpahci - ok
16:58:59.0780 3268  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:58:59.0796 3268  adpu320 - ok
16:58:59.0827 3268  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:58:59.0936 3268  AeLookupSvc - ok
16:58:59.0999 3268  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:59:00.0061 3268  AFD - ok
16:59:00.0077 3268  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:59:00.0108 3268  agp440 - ok
16:59:00.0139 3268  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:59:00.0170 3268  aic78xx - ok
16:59:00.0202 3268  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:59:00.0248 3268  ALG - ok
16:59:00.0280 3268  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:59:00.0295 3268  aliide - ok
16:59:00.0342 3268  [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:59:00.0404 3268  AMD External Events Utility - ok
16:59:00.0420 3268  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:59:00.0436 3268  amdagp - ok
16:59:00.0451 3268  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:59:00.0467 3268  amdide - ok
16:59:00.0498 3268  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:59:00.0529 3268  AmdK8 - ok
16:59:00.0748 3268  [ 7844984A5E1E6F18D93AF9E9BCC65436 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:59:01.0138 3268  amdkmdag - ok
16:59:01.0169 3268  [ 202DEF509D76105B08741D36C3A7E4D7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:59:01.0216 3268  amdkmdap - ok
16:59:01.0231 3268  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:59:01.0278 3268  AmdPPM - ok
16:59:01.0325 3268  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:59:01.0340 3268  amdsata - ok
16:59:01.0387 3268  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:59:01.0403 3268  amdsbs - ok
16:59:01.0418 3268  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:59:01.0450 3268  amdxata - ok
16:59:01.0528 3268  [ D89562A6AE8E07A457452E5B5560EB43 ] AntiVirSchedulerService F:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe
16:59:01.0559 3268  AntiVirSchedulerService - ok
16:59:01.0590 3268  [ E953EB70B3C4F0BA108C35D45420B86B ] AntiVirService  F:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe
16:59:01.0621 3268  AntiVirService - ok
16:59:01.0652 3268  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:59:01.0730 3268  AppID - ok
16:59:01.0793 3268  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:59:01.0871 3268  AppIDSvc - ok
16:59:01.0902 3268  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:59:01.0949 3268  Appinfo - ok
16:59:01.0996 3268  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:59:02.0042 3268  AppMgmt - ok
16:59:02.0074 3268  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
16:59:02.0105 3268  arc - ok
16:59:02.0136 3268  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:59:02.0152 3268  arcsas - ok
16:59:02.0276 3268  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:59:02.0354 3268  aspnet_state - ok
16:59:02.0401 3268  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:02.0479 3268  AsyncMac - ok
16:59:02.0510 3268  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:59:02.0526 3268  atapi - ok
16:59:02.0588 3268  [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
16:59:02.0635 3268  AtiHDAudioService - ok
16:59:02.0713 3268  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
16:59:02.0854 3268  atksgt - ok
16:59:02.0901 3268  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:59:03.0072 3268  AudioEndpointBuilder - ok
16:59:03.0088 3268  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:59:03.0119 3268  Audiosrv - ok
16:59:03.0166 3268  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:59:03.0197 3268  avgntflt - ok
16:59:03.0228 3268  [ 0189056DDBF23C7DEF09D2B5999C5405 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:59:03.0244 3268  avipbb - ok
16:59:03.0259 3268  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:59:03.0291 3268  avkmgr - ok
16:59:03.0384 3268  [ B5AB073A8EAA0024DFE4D6E2F7AC2924 ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
16:59:03.0400 3268  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
16:59:03.0400 3268  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
16:59:03.0447 3268  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
16:59:03.0478 3268  avmeject ( UnsignedFile.Multi.Generic ) - warning
16:59:03.0478 3268  avmeject - detected UnsignedFile.Multi.Generic (1)
16:59:03.0525 3268  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:59:03.0603 3268  AxInstSV - ok
16:59:03.0649 3268  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
16:59:03.0743 3268  b06bdrv - ok
16:59:03.0774 3268  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:59:03.0805 3268  b57nd60x - ok
16:59:03.0837 3268  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:59:03.0883 3268  BDESVC - ok
16:59:03.0915 3268  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:59:03.0946 3268  Beep - ok
16:59:03.0961 3268  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:59:03.0993 3268  blbdrive - ok
16:59:04.0024 3268  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:59:04.0071 3268  bowser - ok
16:59:04.0086 3268  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:59:04.0133 3268  BrFiltLo - ok
16:59:04.0149 3268  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:59:04.0180 3268  BrFiltUp - ok
16:59:04.0211 3268  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:59:04.0258 3268  Browser - ok
16:59:04.0383 3268  [ B2958F59C2DAFB76348224832FB7C26F ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
16:59:04.0461 3268  BrowserProtect - ok
16:59:04.0476 3268  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:59:04.0507 3268  Brserid - ok
16:59:04.0523 3268  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:59:04.0570 3268  BrSerWdm - ok
16:59:04.0585 3268  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:59:04.0617 3268  BrUsbMdm - ok
16:59:04.0632 3268  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:59:04.0695 3268  BrUsbSer - ok
16:59:04.0726 3268  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:59:04.0757 3268  BTHMODEM - ok
16:59:04.0788 3268  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:59:04.0835 3268  bthserv - ok
16:59:04.0866 3268  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:59:04.0913 3268  cdfs - ok
16:59:04.0944 3268  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:59:04.0975 3268  cdrom - ok
16:59:05.0022 3268  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:59:05.0053 3268  CertPropSvc - ok
16:59:05.0085 3268  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:59:05.0100 3268  circlass - ok
16:59:05.0131 3268  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:59:05.0163 3268  CLFS - ok
16:59:05.0241 3268  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:05.0256 3268  clr_optimization_v2.0.50727_32 - ok
16:59:05.0303 3268  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:05.0350 3268  clr_optimization_v4.0.30319_32 - ok
16:59:05.0365 3268  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:59:05.0412 3268  CmBatt - ok
16:59:05.0428 3268  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:59:05.0443 3268  cmdide - ok
16:59:05.0475 3268  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:59:05.0521 3268  CNG - ok
16:59:05.0521 3268  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:59:05.0537 3268  Compbatt - ok
16:59:05.0568 3268  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:59:05.0615 3268  CompositeBus - ok
16:59:05.0646 3268  COMSysApp - ok
16:59:05.0677 3268  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:59:05.0709 3268  crcdisk - ok
16:59:05.0740 3268  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:59:05.0787 3268  CryptSvc - ok
16:59:05.0833 3268  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
16:59:05.0896 3268  CSC - ok
16:59:05.0927 3268  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
16:59:06.0005 3268  CscService - ok
16:59:06.0083 3268  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
16:59:06.0130 3268  CVirtA - ok
16:59:06.0317 3268  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
16:59:06.0520 3268  CVPND - ok
16:59:06.0598 3268  [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
16:59:06.0660 3268  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
16:59:06.0660 3268  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
16:59:06.0691 3268  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:59:06.0785 3268  DcomLaunch - ok
16:59:06.0879 3268  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:59:06.0941 3268  defragsvc - ok
16:59:06.0972 3268  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:59:07.0081 3268  DfsC - ok
16:59:07.0175 3268  [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:59:07.0237 3268  dg_ssudbus - ok
16:59:07.0284 3268  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:59:07.0440 3268  Dhcp - ok
16:59:07.0471 3268  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:59:07.0534 3268  discache - ok
16:59:07.0581 3268  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
16:59:07.0659 3268  Disk - ok
16:59:07.0705 3268  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:59:07.0783 3268  dmvsc - ok
16:59:07.0877 3268  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
16:59:07.0893 3268  DNE - ok
16:59:07.0955 3268  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:59:08.0002 3268  Dnscache - ok
16:59:08.0017 3268  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:59:08.0064 3268  dot3svc - ok
16:59:08.0095 3268  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:59:08.0142 3268  DPS - ok
16:59:08.0173 3268  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:59:08.0189 3268  drmkaud - ok
16:59:08.0267 3268  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:59:08.0298 3268  dtsoftbus01 - ok
16:59:08.0345 3268  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:59:08.0392 3268  DXGKrnl - ok
16:59:08.0392 3268  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:59:08.0470 3268  EapHost - ok
16:59:08.0782 3268  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
16:59:09.0016 3268  ebdrv - ok
16:59:09.0063 3268  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:59:09.0156 3268  EFS - ok
16:59:09.0359 3268  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:59:09.0484 3268  ehRecvr - ok
16:59:09.0499 3268  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:59:09.0531 3268  ehSched - ok
16:59:09.0609 3268  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:59:09.0640 3268  elxstor - ok
16:59:09.0671 3268  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:59:09.0702 3268  ErrDev - ok
16:59:09.0765 3268  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:59:09.0827 3268  EventSystem - ok
16:59:09.0874 3268  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:59:09.0905 3268  exfat - ok
16:59:09.0936 3268  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:59:09.0983 3268  fastfat - ok
16:59:10.0030 3268  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:59:10.0092 3268  Fax - ok
16:59:10.0139 3268  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:59:10.0170 3268  fdc - ok
16:59:10.0201 3268  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:59:10.0233 3268  fdPHost - ok
16:59:10.0264 3268  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:59:10.0295 3268  FDResPub - ok
16:59:10.0342 3268  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:59:10.0357 3268  FileInfo - ok
16:59:10.0373 3268  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:59:10.0420 3268  Filetrace - ok
16:59:10.0498 3268  [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:59:10.0576 3268  FLEXnet Licensing Service - ok
16:59:10.0576 3268  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:10.0607 3268  flpydisk - ok
16:59:10.0638 3268  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:59:10.0654 3268  FltMgr - ok
16:59:10.0716 3268  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:59:10.0779 3268  FontCache - ok
16:59:10.0841 3268  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:59:10.0857 3268  FontCache3.0.0.0 - ok
16:59:10.0872 3268  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:59:10.0888 3268  FsDepends - ok
16:59:41.0214 3268  usbprint - ok
16:59:41.0261 3268  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:59:41.0339 3268  USBSTOR - ok
16:59:41.0370 3268  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:59:41.0464 3268  usbuhci - ok
16:59:41.0495 3268  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:59:41.0542 3268  UxSms - ok
16:59:41.0557 3268  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:59:41.0573 3268  VaultSvc - ok
16:59:41.0604 3268  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:59:41.0651 3268  vdrvroot - ok
16:59:41.0745 3268  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:59:41.0823 3268  vds - ok
16:59:41.0854 3268  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:59:41.0885 3268  vga - ok
16:59:41.0901 3268  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:59:41.0947 3268  VgaSave - ok
16:59:42.0010 3268  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:59:42.0041 3268  vhdmp - ok
16:59:42.0072 3268  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:59:42.0103 3268  viaagp - ok
16:59:42.0135 3268  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:59:42.0181 3268  ViaC7 - ok
16:59:42.0213 3268  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:59:42.0244 3268  viaide - ok
16:59:42.0353 3268  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:59:42.0400 3268  vmbus - ok
16:59:42.0431 3268  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:59:42.0478 3268  VMBusHID - ok
16:59:42.0509 3268  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:59:42.0525 3268  volmgr - ok
16:59:42.0603 3268  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:59:42.0665 3268  volmgrx - ok
16:59:42.0712 3268  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:59:42.0805 3268  volsnap - ok
16:59:43.0008 3268  [ EA8869FA708554BD8130C91BB985C14D ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
16:59:43.0039 3268  vpnagent - ok
16:59:43.0071 3268  [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
16:59:43.0086 3268  vpnva - ok
16:59:43.0149 3268  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:59:43.0180 3268  vsmraid - ok
16:59:43.0336 3268  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:59:43.0429 3268  VSS - ok
16:59:43.0461 3268  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:59:43.0476 3268  vwifibus - ok
16:59:43.0492 3268  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:59:43.0570 3268  W32Time - ok
16:59:43.0585 3268  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:59:43.0632 3268  WacomPen - ok
16:59:43.0679 3268  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:59:43.0788 3268  WANARP - ok
16:59:43.0788 3268  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:59:43.0819 3268  Wanarpv6 - ok
16:59:44.0007 3268  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:59:44.0085 3268  wbengine - ok
16:59:44.0100 3268  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:59:44.0147 3268  WbioSrvc - ok
16:59:44.0178 3268  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:59:44.0209 3268  wcncsvc - ok
16:59:44.0241 3268  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:59:44.0303 3268  WcsPlugInService - ok
16:59:44.0319 3268  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
16:59:44.0334 3268  Wd - ok
16:59:44.0397 3268  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:59:44.0459 3268  Wdf01000 - ok
16:59:44.0475 3268  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:59:44.0584 3268  WdiServiceHost - ok
16:59:44.0584 3268  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:59:44.0599 3268  WdiSystemHost - ok
16:59:44.0662 3268  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:59:44.0709 3268  WebClient - ok
16:59:44.0771 3268  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:59:44.0833 3268  Wecsvc - ok
16:59:44.0849 3268  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:59:44.0896 3268  wercplsupport - ok
16:59:44.0989 3268  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:59:45.0130 3268  WerSvc - ok
16:59:45.0192 3268  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:59:45.0255 3268  WfpLwf - ok
16:59:45.0270 3268  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:59:45.0301 3268  WIMMount - ok
16:59:45.0317 3268  WinHttpAutoProxySvc - ok
16:59:45.0613 3268  [ 13E30E6DC99EDF4C823873505FCC108C ] Winmgmt         C:\Users\Step\AppData\Local\Temp\dYSEvWR.exe
16:59:46.0019 3268  Suspicious file (NoAccess): C:\Users\Step\AppData\Local\Temp\dYSEvWR.exe. md5: 13E30E6DC99EDF4C823873505FCC108C
16:59:46.0019 3268  Winmgmt ( LockedFile.Multi.Generic ) - warning
16:59:46.0019 3268  Winmgmt - detected LockedFile.Multi.Generic (1)
16:59:46.0159 3268  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:59:46.0300 3268  WinRM - ok
16:59:46.0534 3268  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:59:46.0627 3268  WinUsb - ok
16:59:46.0893 3268  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:59:46.0939 3268  Wlansvc - ok
16:59:47.0049 3268  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:59:47.0111 3268  wlidsvc - ok
16:59:47.0142 3268  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:59:47.0173 3268  WmiAcpi - ok
16:59:47.0251 3268  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:59:47.0298 3268  wmiApSrv - ok
16:59:47.0376 3268  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:59:47.0439 3268  WMPNetworkSvc - ok
16:59:47.0485 3268  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:59:47.0641 3268  WPCSvc - ok
16:59:47.0673 3268  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:59:47.0735 3268  WPDBusEnum - ok
16:59:47.0766 3268  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:59:47.0797 3268  ws2ifsl - ok
16:59:47.0797 3268  WSearch - ok
16:59:47.0813 3268  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:59:47.0875 3268  WudfPf - ok
16:59:47.0891 3268  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:59:47.0922 3268  WUDFRd - ok
16:59:47.0938 3268  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:59:47.0985 3268  wudfsvc - ok
16:59:48.0000 3268  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:59:48.0094 3268  WwanSvc - ok
16:59:48.0141 3268  ================ Scan global ===============================
16:59:48.0172 3268  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:59:48.0203 3268  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:59:48.0234 3268  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:59:48.0265 3268  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:59:48.0328 3268  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:59:48.0343 3268  [Global] - ok
16:59:48.0343 3268  ================ Scan MBR ==================================
16:59:48.0390 3268  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:59:48.0718 3268  \Device\Harddisk0\DR0 - ok
16:59:48.0718 3268  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:59:51.0136 3268  \Device\Harddisk1\DR1 - ok
16:59:51.0136 3268  ================ Scan VBR ==================================
16:59:51.0151 3268  [ 4D69FDEA9DD9B541F31D1074F11C8983 ] \Device\Harddisk0\DR0\Partition1
16:59:51.0151 3268  \Device\Harddisk0\DR0\Partition1 - ok
16:59:51.0167 3268  [ 104913DABDA69D208C60C773E30A4316 ] \Device\Harddisk0\DR0\Partition2
16:59:51.0183 3268  \Device\Harddisk0\DR0\Partition2 - ok
16:59:51.0198 3268  [ F62F87A3C9489156EBE7BB6C5EB4D92A ] \Device\Harddisk0\DR0\Partition3
16:59:51.0214 3268  \Device\Harddisk0\DR0\Partition3 - ok
16:59:51.0229 3268  [ 17ACB6D2A2FEBAB29A77ABEF0D04276C ] \Device\Harddisk0\DR0\Partition4
16:59:51.0261 3268  \Device\Harddisk0\DR0\Partition4 - ok
16:59:51.0276 3268  [ 413066B3A000F832F860D35D5C61AB79 ] \Device\Harddisk0\DR0\Partition5
16:59:51.0307 3268  \Device\Harddisk0\DR0\Partition5 - ok
16:59:51.0307 3268  [ BE5F6BB3B2564600A1AAD29B8E0E5954 ] \Device\Harddisk1\DR1\Partition1
16:59:51.0307 3268  \Device\Harddisk1\DR1\Partition1 - ok
16:59:51.0307 3268  ============================================================
16:59:51.0307 3268  Scan finished
16:59:51.0307 3268  ============================================================
16:59:51.0323 3320  Detected object count: 4
16:59:51.0323 3320  Actual detected object count: 4
17:00:06.0502 3320  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0502 3320  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:06.0517 3320  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:06.0517 3320  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:06.0517 3320  Winmgmt ( LockedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320  Winmgmt ( LockedFile.Multi.Generic ) - User select action: Skip

Old 17.01.2013, 17:15   #14
markusg
/// Malware-holic

Your computer is locked, GVU, Safe Mode does not start

hi,
download:
http://download.bleepingcomputer.com.../7/Winmgmt.reg
double-click it, confirm the prompt, restart.
combofix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: Should you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
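The entry markusg's Winmgmt.reg fix targets is visible in the TDSSKiller log above: the Winmgmt service's image path points at an executable under the user's Temp directory instead of the WMI service DLL under C:\Windows. As an added example (not code from this thread, from TDSSKiller or from Trojaner-Board), the script below parses lines in that log format and flags services whose binary sits in a temp folder, lies outside the Windows or Program Files trees, or differs from the binary the service is documented to load. The sample log lines are constructed in the same format (the Winmgmt line mirrors the one posted); the prefix lists, the two-entry known-binary map and all function names are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the TDSSKiller log format used in this thread. The
# Winmgmt line mirrors the one posted above; the others are typical clean entries.
SAMPLE_LOG = """\
16:59:45.0301 3268  WIMMount - ok
16:59:45.0613 3268  [ 13E30E6DC99EDF4C823873505FCC108C ] Winmgmt         C:\\Users\\Step\\AppData\\Local\\Temp\\dYSEvWR.exe
16:59:46.0019 3268  Suspicious file (NoAccess): C:\\Users\\Step\\AppData\\Local\\Temp\\dYSEvWR.exe. md5: 13E30E6DC99EDF4C823873505FCC108C
16:59:46.0019 3268  Winmgmt ( LockedFile.Multi.Generic ) - warning
16:59:46.0159 3268  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\\Windows\\system32\\WsmSvc.dll
16:59:46.0300 3268  WinRM - ok
16:59:47.0049 3268  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE
"""

# One "[ md5 ] name path" line per scanned service/driver; status lines do not match.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Directory prefixes a genuine Windows service or driver binary is expected under (assumed list).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Locations where a service binary is a red flag regardless of vendor (assumed list).
VOLATILE_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")

# Lower-case path fragment of the binary a service is documented to load on Windows 7.
# Winmgmt (the WMI service) runs inside svchost.exe from wbem\WMIsvc.dll, which is
# exactly the registry value the Winmgmt.reg linked above restores.
KNOWN_SERVICE_BINARIES = {
    "winmgmt": "\\system32\\wbem\\wmisvc.dll",
    "winrm": "\\system32\\wsmsvc.dll",
}


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Extract the md5/name/path entries from a TDSSKiller-style log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def classify(name: str, path: str) -> str:
    """Rate a service's image path: documented mismatch first, then location heuristics."""
    p = path.lower()
    expected = KNOWN_SERVICE_BINARIES.get(name.lower())
    if expected and expected not in p:
        return f"suspicious: expected {expected} but found {path}"
    if any(marker in p for marker in VOLATILE_MARKERS):
        return "suspicious: service binary in a temp directory"
    if not p.startswith(TRUSTED_PREFIXES):
        return "review: service binary outside Windows/Program Files"
    return "expected location"


def find_hijacked_services(text: str) -> List[Dict[str, str]]:
    """Return log entries whose image path does not look like a legitimate service location."""
    flagged = []
    for e in parse_entries(text):
        verdict = classify(e["name"], e["path"])
        if verdict != "expected location":
            flagged.append({**e, "verdict": verdict})
    return flagged


if __name__ == "__main__":
    for hit in find_hijacked_services(SAMPLE_LOG):
        print(f"{hit['name']:16} {hit['md5']}  {hit['path']}\n    -> {hit['verdict']}")
```

Run against a full log, the same check also catches the quieter variant of this hijack where the replacement binary is dropped under C:\Windows but is not the documented DLL; the documented-binary map is the part worth extending with the services an organisation actually monitors.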

Old 17.01.2013, 17:37   #15
nyrt

Your computer is locked, GVU, Safe Mode does not start

Double-clicked etc., restarted.

Ran ComboFix. Disabled Avira AntiVir beforehand. Then ComboFix said Panda Cloud was active. But I had uninstalled it a long time ago. Checking again whether it was still hiding somewhere was also fruitless. Nowhere to be found.

Ran ComboFix. Then the stages run through. At some point a new window pops up saying PEV.exe has stopped working properly and will be closed. ComboFix kept running though.

now it's at stage 50

deleting files

one rwvesyd.pad

and

IDropPTB.dll

and does nothing more. There are no icons left either, only my background. The PC doesn't seem to be working anymore either.
