
Log Analysis and Evaluation: Virus removal

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.05.2013, 18:10   #1
Alpollo

Virus removal



Good day,
Yesterday evening I received a message from the Windows Firewall that a program in the Temp directory wanted access to the network. That made me suspicious, especially because the program was named winhglf.exe. I suspected that I had caught something, so I started with the most obvious option and had the hidden files displayed. On all of my hard drives I found an *.exe file with an accompanying suspicious Autorun.inf. When I then switched the computer on today, OpenOffice suddenly wanted network access. Of course I did not allow that and closed OpenOffice. After that, all of my programs wanted Internet access one after another (I refused every time and closed the program). I suspect the virus picked a different program to hook into each time. As the logs also show, I neglected to install a virus scanner. The question now is: how do I clean my system? And which virus scanner should I install afterwards?

05.05.2013, 00:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus removal



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________

05.05.2013, 15:02   #3
Alpollo

Malwarebytes Logs

Here is the Malwarebytes log for now:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

05.05.2013 13:03:06
MBAM-log-2013-05-05 (14-55-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1383369
Laufzeit: 57 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
C:\$Recycle.Bin\S-1-5-21-2024084861-1788145079-704121185-1000\$RNB5F3K.7z (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\beabf.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R1ENBIF.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R3XFUYT.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RGV2M1H.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\offt.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RS1XNNN.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RT649K3.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RZI8C42.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\ProgramData\Skype\Plugins\Local Cache\86B67BC476C5410CA9C1F0FE1D97BEB2_more.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
F:\giyfg.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R5T611S.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RDF9MMT.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RDS9VLY.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RI3L8NB.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RKHFYO6.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RKVDX20.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RM0OL8T.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
I haven't used any other scanners yet... if I should post further logs, just reply again.
__________________
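The detections in the log above fall into a pattern that is easier to see once the lines are grouped by location: one packed executable in the root of each data drive, plus earlier copies in the Recycle Bin. The following triage sketch is an added example, not part of the thread or of Malwarebytes; the function names are hypothetical and the sample lines are a selection copied from the log in post #3.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Selection of lines copied from the Malwarebytes log in post #3.
SAMPLE_LOG = r"""
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
D:\beabf.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$R1ENBIF.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\offt.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\ProgramData\Skype\Plugins\Local Cache\86B67BC476C5410CA9C1F0FE1D97BEB2_more.jpg (Extension.Mismatch) -> Keine Aktion durchgeführt.
F:\giyfg.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
F:\$RECYCLE.BIN\S-1-5-21-2024084861-1788145079-704121185-1000\$RDF9MMT.pif (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
"""

# A detection line is "<path> (<detection name>) -> <action>".
# The greedy path group keeps parentheses inside the path, e.g. "Program Files (x86)".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$"
)

# Extensions Windows will execute directly; .pif is a legacy shortcut type.
EXECUTABLE_EXT = {".exe", ".pif", ".scr", ".com"}


def parse_detections(text):
    """Return one dict per detection line; headers and summary lines are skipped."""
    findings = []
    for line in text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            findings.append({
                "path": match["path"],
                "name": match["name"],
                "action": match["action"].rstrip("."),
            })
    return findings


def location_class(path):
    """Classify where on the volume the detected file sits."""
    parts = path.split("\\")
    if len(parts) == 2:
        return "drive_root"
    if any(part.lower() == "$recycle.bin" for part in parts):
        return "recycle_bin"
    return "subfolder"


def triage(text):
    """Summarise detections and flag executables dropped in drive roots."""
    findings = parse_detections(text)
    by_location = Counter(location_class(f["path"]) for f in findings)
    root_executables = defaultdict(list)
    for f in findings:
        drive, filename = f["path"].split("\\", 1)
        ext = ntpath.splitext(filename)[1].lower()
        if location_class(f["path"]) == "drive_root" and ext in EXECUTABLE_EXT:
            root_executables[drive].append(filename)
    return {
        "count": len(findings),
        "by_location": dict(by_location),
        "root_executables": dict(root_executables),
        # The same kind of file in the root of several drives matches the
        # *.exe plus Autorun.inf observation in post #1.
        "multi_drive_spread": len(root_executables) >= 2,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
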

06.05.2013, 10:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus removal



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read carefully through the instructions that I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, are always to be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.



Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.05.2013, 20:30   #5
Alpollo

Virus removal

mbar.exe - system-log
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8569864192, free: 3607683072

------------ Kernel report ------------
     05/06/2013 19:39:32
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\hcw88aud.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\hcw88vid.sys
\SystemRoot\system32\drivers\STREAM.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\hcw88tse.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\HCW88BAR.sys
\SystemRoot\system32\drivers\hcw88bda.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8007533060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa8007322060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007532060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xfffffa800732e4e0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007531060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
Lower Device Object: 0xfffffa800733b680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007530060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8007308060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.05.06.07
Downloaded database version: v2013.05.01.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007530060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007530b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007530060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007308060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a008e6ec00, 0xfffffa8007530060, 0xfffffa8007038790
Lower DeviceData: 0xfffff8a009c40d10, 0xfffffa8007308060, 0xfffffa800a22d3d0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 659AA457

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 234231808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007531060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007531b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007531060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800733b680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c9fb9d0, 0xfffffa8007531060, 0xfffffa800718a790
Lower DeviceData: 0xfffff8a002f8e5b0, 0xfffffa800733b680, 0xfffffa800c1da090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1EC31EC2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 312576000
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007532060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007532b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007532060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800732e4e0, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a009c5eb10, 0xfffffa8007532060, 0xfffffa800720a090
Lower DeviceData: 0xfffff8a009c5e980, 0xfffffa800732e4e0, 0xfffffa8006f0b750
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C0204B8A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8007533060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007533b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007533060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d27e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007322060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00a02d8e0, 0xfffffa8007533060, 0xfffffa80086fb290
Lower DeviceData: 0xfffff8a009650200, 0xfffffa8007322060, 0xfffffa800bf7d8c0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F2AEE19

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: c:\Users\***\AppData\Local\Temp\winxeyj.exe --> [Trojan.Downloader]
Infected: c:\Users\***\AppData\Local\Temp\winxeyj.exe --> [Trojan.Downloader]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8569864192, free: 7670947840

Removal queue found; removal started
Removing c:\Users\***\AppData\Local\Temp\winxeyj.exe...
Removal finished
=======================================
         
mbar.exe - mbar-log-2013-05-06 (19-44-47)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

06.05.2013 19:44:47
mbar-log-2013-05-06 (19-44-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30282
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 1
c:\Users\***\AppData\Local\Temp\winxeyj.exe (Trojan.Downloader) -> 2644 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\***\AppData\Local\Temp\winxeyj.exe (Trojan.Downloader) -> Delete on reboot.

(end)
         
TDSSKiller log
Code:
20:10:54.0225 4792  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:10:54.0762 4792  ============================================================
20:10:54.0762 4792  Current date / time: 2013/05/06 20:10:54.0762
20:10:54.0762 4792  SystemInfo:
20:10:54.0762 4792  
20:10:54.0762 4792  OS Version: 6.1.7601 ServicePack: 1.0
20:10:54.0762 4792  Product type: Workstation
20:10:54.0762 4792  ComputerName: ***-PC
20:10:54.0763 4792  UserName: ***
20:10:54.0763 4792  Windows directory: C:\Windows
20:10:54.0763 4792  System windows directory: C:\Windows
20:10:54.0763 4792  Running under WOW64
20:10:54.0763 4792  Processor architecture: Intel x64
20:10:54.0763 4792  Number of processors: 4
20:10:54.0763 4792  Page size: 0x1000
20:10:54.0763 4792  Boot type: Normal boot
20:10:54.0763 4792  ============================================================
20:10:54.0910 4792  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:54.0926 4792  Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:54.0935 4792  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:54.0967 4792  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:54.0970 4792  ============================================================
20:10:54.0970 4792  \Device\Harddisk0\DR0:
20:10:54.0971 4792  MBR partitions:
20:10:54.0971 4792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:10:54.0971 4792  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:10:54.0971 4792  \Device\Harddisk3\DR3:
20:10:54.0971 4792  MBR partitions:
20:10:54.0971 4792  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:10:54.0971 4792  \Device\Harddisk2\DR2:
20:10:54.0971 4792  MBR partitions:
20:10:54.0971 4792  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:10:54.0971 4792  \Device\Harddisk1\DR1:
20:10:54.0971 4792  MBR partitions:
20:10:54.0971 4792  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
20:10:54.0971 4792  ============================================================
20:10:54.0972 4792  C: <-> \Device\Harddisk0\DR0\Partition2
20:10:54.0999 4792  D: <-> \Device\Harddisk1\DR1\Partition1
20:10:55.0021 4792  E: <-> \Device\Harddisk3\DR3\Partition1
20:10:55.0038 4792  F: <-> \Device\Harddisk2\DR2\Partition1
20:10:55.0038 4792  ============================================================
20:10:55.0038 4792  Initialize success
20:10:55.0038 4792  ============================================================
20:11:18.0434 4028  ============================================================
20:11:18.0434 4028  Scan started
20:11:18.0434 4028  Mode: Manual; SigCheck; TDLFS; 
20:11:18.0434 4028  ============================================================
20:11:18.0649 4028  ================ Scan system memory ========================
20:11:18.0649 4028  System memory - ok
20:11:18.0649 4028  ================ Scan services =============================
20:11:23.0089 4028  ProtectedStorage - ok
20:11:23.0092 4028  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:11:23.0113 4028  Psched - ok
20:11:23.0127 4028  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:11:23.0150 4028  ql2300 - ok
20:11:23.0153 4028  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:11:23.0161 4028  ql40xx - ok
20:11:23.0165 4028  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:11:23.0177 4028  QWAVE - ok
20:11:23.0179 4028  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:11:23.0190 4028  QWAVEdrv - ok
20:11:23.0192 4028  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:11:23.0213 4028  RasAcd - ok
20:11:23.0216 4028  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:23.0236 4028  RasAgileVpn - ok
20:11:23.0239 4028  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:11:23.0262 4028  RasAuto - ok
20:11:23.0265 4028  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:23.0285 4028  Rasl2tp - ok
20:11:23.0290 4028  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:11:23.0313 4028  RasMan - ok
20:11:23.0316 4028  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:23.0337 4028  RasPppoe - ok
20:11:23.0340 4028  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:11:23.0362 4028  RasSstp - ok
20:11:23.0367 4028  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:11:23.0390 4028  rdbss - ok
20:11:23.0392 4028  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:11:23.0400 4028  rdpbus - ok
20:11:23.0402 4028  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:23.0423 4028  RDPCDD - ok
20:11:23.0426 4028  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:11:23.0446 4028  RDPENCDD - ok
20:11:23.0449 4028  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:11:23.0469 4028  RDPREFMP - ok
20:11:23.0473 4028  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:11:23.0481 4028  RDPWD - ok
20:11:23.0485 4028  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:11:23.0493 4028  rdyboost - ok
20:11:23.0496 4028  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:11:23.0520 4028  RemoteAccess - ok
20:11:23.0523 4028  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:11:23.0546 4028  RemoteRegistry - ok
20:11:23.0550 4028  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
20:11:23.0556 4028  rpcapd - ok
20:11:23.0558 4028  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:11:23.0579 4028  RpcEptMapper - ok
20:11:23.0582 4028  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:11:23.0589 4028  RpcLocator - ok
20:11:23.0595 4028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:11:23.0618 4028  RpcSs - ok
20:11:23.0621 4028  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:11:23.0642 4028  rspndr - ok
20:11:23.0648 4028  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:11:23.0657 4028  RTL8167 - ok
20:11:23.0660 4028  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:11:23.0666 4028  SamSs - ok
20:11:23.0669 4028  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:11:23.0675 4028  sbp2port - ok
20:11:23.0679 4028  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:11:23.0702 4028  SCardSvr - ok
20:11:23.0704 4028  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:11:23.0725 4028  scfilter - ok
20:11:23.0735 4028  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:11:23.0767 4028  Schedule - ok
20:11:23.0770 4028  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:11:23.0790 4028  SCPolicySvc - ok
20:11:23.0794 4028  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:11:23.0803 4028  SDRSVC - ok
20:11:23.0805 4028  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:11:23.0826 4028  secdrv - ok
20:11:23.0828 4028  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:11:23.0849 4028  seclogon - ok
20:11:23.0852 4028  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:11:23.0874 4028  SENS - ok
20:11:23.0876 4028  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:11:23.0884 4028  SensrSvc - ok
20:11:23.0886 4028  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:11:23.0893 4028  Serenum - ok
20:11:23.0896 4028  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:11:23.0903 4028  Serial - ok
20:11:23.0906 4028  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:11:23.0913 4028  sermouse - ok
20:11:23.0919 4028  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:11:23.0941 4028  SessionEnv - ok
20:11:23.0943 4028  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:11:23.0952 4028  sffdisk - ok
20:11:23.0954 4028  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:11:23.0962 4028  sffp_mmc - ok
20:11:23.0964 4028  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:11:23.0972 4028  sffp_sd - ok
20:11:23.0975 4028  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:11:23.0982 4028  sfloppy - ok
20:11:23.0987 4028  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:11:24.0012 4028  SharedAccess - ok
20:11:24.0017 4028  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:11:24.0042 4028  ShellHWDetection - ok
20:11:24.0045 4028  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:11:24.0050 4028  SiSRaid2 - ok
20:11:24.0053 4028  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:11:24.0059 4028  SiSRaid4 - ok
20:11:24.0063 4028  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:11:24.0069 4028  SkypeUpdate - ok
20:11:24.0072 4028  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:11:24.0094 4028  Smb - ok
20:11:24.0099 4028  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:11:24.0106 4028  SNMPTRAP - ok
20:11:24.0108 4028  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:11:24.0114 4028  spldr - ok
20:11:24.0120 4028  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
20:11:24.0146 4028  Spooler - ok
20:11:24.0177 4028  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:11:24.0233 4028  sppsvc - ok
20:11:24.0236 4028  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:11:24.0258 4028  sppuinotify - ok
20:11:24.0264 4028  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:11:24.0275 4028  srv - ok
20:11:24.0281 4028  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:11:24.0291 4028  srv2 - ok
20:11:24.0295 4028  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:11:24.0303 4028  srvnet - ok
20:11:24.0306 4028  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:11:24.0329 4028  SSDPSRV - ok
20:11:24.0332 4028  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:11:24.0354 4028  SstpSvc - ok
20:11:24.0357 4028  Steam Client Service - ok
20:11:24.0362 4028  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:11:24.0371 4028  Stereo Service - ok
20:11:24.0374 4028  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:11:24.0379 4028  stexstor - ok
20:11:24.0386 4028  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:11:24.0402 4028  stisvc - ok
20:11:24.0404 4028  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:11:24.0410 4028  swenum - ok
20:11:24.0415 4028  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:11:24.0442 4028  swprv - ok
20:11:24.0458 4028  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:11:24.0484 4028  SysMain - ok
20:11:24.0487 4028  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:11:24.0498 4028  TabletInputService - ok
20:11:24.0503 4028  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:11:24.0527 4028  TapiSrv - ok
20:11:24.0529 4028  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:11:24.0550 4028  TBS - ok
20:11:24.0571 4028  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:11:24.0600 4028  Tcpip - ok
20:11:24.0619 4028  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:11:24.0641 4028  TCPIP6 - ok
20:11:24.0645 4028  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:11:24.0665 4028  tcpipreg - ok
20:11:24.0668 4028  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:11:24.0675 4028  TDPIPE - ok
20:11:24.0677 4028  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:11:24.0683 4028  TDTCP - ok
20:11:24.0686 4028  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:11:24.0706 4028  tdx - ok
20:11:24.0709 4028  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:11:24.0714 4028  TermDD - ok
20:11:24.0722 4028  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:11:24.0749 4028  TermService - ok
20:11:24.0753 4028  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:11:24.0763 4028  Themes - ok
20:11:24.0766 4028  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:11:24.0786 4028  THREADORDER - ok
20:11:24.0789 4028  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:11:24.0811 4028  TrkWks - ok
20:11:24.0815 4028  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:11:24.0836 4028  TrustedInstaller - ok
20:11:24.0839 4028  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:11:24.0859 4028  tssecsrv - ok
20:11:24.0862 4028  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:11:24.0869 4028  TsUsbFlt - ok
20:11:24.0871 4028  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:11:24.0877 4028  TsUsbGD - ok
20:11:24.0880 4028  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:11:24.0901 4028  tunnel - ok
20:11:24.0903 4028  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:11:24.0909 4028  uagp35 - ok
20:11:24.0914 4028  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:11:24.0937 4028  udfs - ok
20:11:24.0941 4028  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:11:24.0949 4028  UI0Detect - ok
20:11:24.0951 4028  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:11:24.0957 4028  uliagpkx - ok
20:11:24.0960 4028  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:11:24.0967 4028  umbus - ok
20:11:24.0969 4028  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:11:24.0976 4028  UmPass - ok
20:11:24.0981 4028  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:11:25.0006 4028  upnphost - ok
20:11:25.0009 4028  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:11:25.0016 4028  USBAAPL64 - ok
20:11:25.0019 4028  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:11:25.0028 4028  usbaudio - ok
20:11:25.0031 4028  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:11:25.0038 4028  usbccgp - ok
20:11:25.0041 4028  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:11:25.0050 4028  usbcir - ok
20:11:25.0052 4028  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:11:25.0059 4028  usbehci - ok
20:11:25.0064 4028  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:11:25.0074 4028  usbhub - ok
20:11:25.0076 4028  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:11:25.0083 4028  usbohci - ok
20:11:25.0085 4028  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:11:25.0094 4028  usbprint - ok
20:11:25.0096 4028  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:11:25.0104 4028  USBSTOR - ok
20:11:25.0106 4028  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:11:25.0114 4028  usbuhci - ok
20:11:25.0117 4028  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:11:25.0127 4028  usbvideo - ok
20:11:25.0130 4028  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:11:25.0152 4028  UxSms - ok
20:11:25.0154 4028  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:11:25.0161 4028  VaultSvc - ok
20:11:25.0163 4028  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:11:25.0168 4028  vdrvroot - ok
20:11:25.0175 4028  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:11:25.0201 4028  vds - ok
20:11:25.0203 4028  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:11:25.0211 4028  vga - ok
20:11:25.0213 4028  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:11:25.0234 4028  VgaSave - ok
20:11:25.0238 4028  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:11:25.0246 4028  vhdmp - ok
20:11:25.0248 4028  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:11:25.0254 4028  viaide - ok
20:11:25.0256 4028  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:11:25.0263 4028  volmgr - ok
20:11:25.0267 4028  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:11:25.0277 4028  volmgrx - ok
20:11:25.0281 4028  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:11:25.0290 4028  volsnap - ok
20:11:25.0293 4028  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:11:25.0301 4028  vsmraid - ok
20:11:25.0314 4028  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:11:25.0350 4028  VSS - ok
20:11:25.0352 4028  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:11:25.0361 4028  vwifibus - ok
20:11:25.0366 4028  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:11:25.0390 4028  W32Time - ok
20:11:25.0394 4028  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:11:25.0401 4028  WacomPen - ok
20:11:25.0403 4028  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:11:25.0424 4028  WANARP - ok
20:11:25.0426 4028  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:11:25.0446 4028  Wanarpv6 - ok
20:11:25.0460 4028  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:11:25.0482 4028  wbengine - ok
20:11:25.0485 4028  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:11:25.0497 4028  WbioSrvc - ok
20:11:25.0502 4028  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:11:25.0516 4028  wcncsvc - ok
20:11:25.0518 4028  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:11:25.0526 4028  WcsPlugInService - ok
20:11:25.0528 4028  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:11:25.0533 4028  Wd - ok
20:11:25.0540 4028  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:11:25.0553 4028  Wdf01000 - ok
20:11:25.0556 4028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:11:25.0578 4028  WdiServiceHost - ok
20:11:25.0580 4028  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:11:25.0590 4028  WdiSystemHost - ok
20:11:25.0594 4028  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:11:25.0606 4028  WebClient - ok
20:11:25.0610 4028  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:11:25.0634 4028  Wecsvc - ok
20:11:25.0637 4028  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:11:25.0659 4028  wercplsupport - ok
20:11:25.0661 4028  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:11:25.0683 4028  WerSvc - ok
20:11:25.0685 4028  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:25.0705 4028  WfpLwf - ok
20:11:25.0708 4028  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:11:25.0713 4028  WIMMount - ok
20:11:25.0714 4028  WinDefend - ok
20:11:25.0718 4028  WinHttpAutoProxySvc - ok
20:11:25.0725 4028  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:11:25.0747 4028  Winmgmt - ok
20:11:25.0765 4028  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:11:25.0803 4028  WinRM - ok
20:11:25.0808 4028  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:11:25.0816 4028  WinUsb - ok
20:11:25.0825 4028  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:11:25.0844 4028  Wlansvc - ok
20:11:25.0846 4028  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:11:25.0852 4028  WmiAcpi - ok
20:11:25.0857 4028  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:11:25.0866 4028  wmiApSrv - ok
20:11:25.0867 4028  WMPNetworkSvc - ok
20:11:25.0870 4028  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:11:25.0877 4028  WPCSvc - ok
20:11:25.0880 4028  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:11:25.0888 4028  WPDBusEnum - ok
20:11:25.0891 4028  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:11:25.0911 4028  ws2ifsl - ok
20:11:25.0914 4028  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:11:25.0925 4028  wscsvc - ok
20:11:25.0927 4028  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:11:25.0935 4028  WSDPrintDevice - ok
20:11:25.0937 4028  WSearch - ok
20:11:25.0960 4028  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:11:25.0994 4028  wuauserv - ok
20:11:25.0997 4028  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:11:26.0018 4028  WudfPf - ok
20:11:26.0022 4028  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:26.0043 4028  WUDFRd - ok
20:11:26.0046 4028  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:11:26.0067 4028  wudfsvc - ok
20:11:26.0071 4028  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:11:26.0083 4028  WwanSvc - ok
20:11:26.0086 4028  ================ Scan global ===============================
20:11:26.0088 4028  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:11:26.0092 4028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:11:26.0097 4028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:11:26.0100 4028  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:11:26.0105 4028  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:11:26.0108 4028  [Global] - ok
20:11:26.0108 4028  ================ Scan MBR ==================================
20:11:26.0110 4028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:11:26.0216 4028  \Device\Harddisk0\DR0 - ok
20:11:26.0218 4028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
20:11:26.0264 4028  \Device\Harddisk3\DR3 - ok
20:11:26.0266 4028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:11:26.0314 4028  \Device\Harddisk2\DR2 - ok
20:11:26.0320 4028  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:11:26.0448 4028  \Device\Harddisk1\DR1 - ok
20:11:26.0449 4028  ================ Scan VBR ==================================
20:11:26.0452 4028  [ C2B6D49819D82D967F2454EE37621107 ] \Device\Harddisk0\DR0\Partition1
20:11:26.0454 4028  \Device\Harddisk0\DR0\Partition1 - ok
20:11:26.0455 4028  [ 2EAA5D60427984F42D1965CAD5141068 ] \Device\Harddisk0\DR0\Partition2
20:11:26.0457 4028  \Device\Harddisk0\DR0\Partition2 - ok
20:11:26.0458 4028  [ 9513F74D205621C1F412A251DB6683B9 ] \Device\Harddisk3\DR3\Partition1
20:11:26.0460 4028  \Device\Harddisk3\DR3\Partition1 - ok
20:11:26.0462 4028  [ EFFF9AEB5F4F3B66AA62DD21637D7AB5 ] \Device\Harddisk2\DR2\Partition1
20:11:26.0463 4028  \Device\Harddisk2\DR2\Partition1 - ok
20:11:26.0465 4028  [ ED5FBE4FE0488AE80B4F6D932F825702 ] \Device\Harddisk1\DR1\Partition1
20:11:26.0466 4028  \Device\Harddisk1\DR1\Partition1 - ok
20:11:26.0467 4028  ============================================================
20:11:26.0467 4028  Scan finished
20:11:26.0467 4028  ============================================================
20:11:26.0473 4532  Detected object count: 0
20:11:26.0473 4532  Actual detected object count: 0
20:13:04.0846 3444  Deinitialize success
         
aswMBR log
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-06 19:52:38
-----------------------------
19:52:38.564    OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:38.564    Number of processors: 4 586 0x2A07
19:52:38.564    ComputerName: ***-PC  UserName: ***
19:52:38.904    Initialize success
20:04:14.583    AVAST engine defs: 13050501
20:05:56.387    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:56.390    Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
20:05:56.392    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
20:05:56.395    Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11
20:05:56.398    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
20:05:56.400    Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.404    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
20:05:56.407    Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.415    Disk 0 MBR read successfully
20:05:56.420    Disk 0 MBR scan
20:05:56.423    Disk 0 Windows 7 default MBR code
20:05:56.425    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:05:56.428    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
20:05:56.436    Disk 0 scanning C:\Windows\system32\drivers
20:05:58.298    Service scanning
20:06:03.434    Modules scanning
20:06:03.441    Disk 0 trace - called modules:
20:06:03.448    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
20:06:03.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060]
20:06:03.458    3 CLASSPNP.SYS[fffff880018ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007309680]
20:06:03.730    AVAST engine scan C:\Windows
20:06:04.182    AVAST engine scan C:\Windows\system32
20:06:52.434    AVAST engine scan C:\Windows\system32\drivers
20:06:54.730    AVAST engine scan C:\Users\***
20:06:57.904    File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O59L5QVH\InstallMonetizer-PriceGong_v2[1].exe  **INFECTED** Win32:SaliCode
20:06:58.084    File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBAYL85N\crush_vsti_5805[1].exe  **INFECTED** Win32:SaliCode
20:07:05.325    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe  **INFECTED** Win32:SaliCode
20:07:05.349    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe  **INFECTED** Win32:SaliCode
20:07:05.439    File: C:\Users\***\AppData\Local\Temp\0038258A_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.491    File: C:\Users\***\AppData\Local\Temp\00385457_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:05.537    File: C:\Users\***\AppData\Local\Temp\0041120A_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:05.582    File: C:\Users\***\AppData\Local\Temp\00414FC5_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.627    File: C:\Users\***\AppData\Local\Temp\0044D02B_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.671    File: C:\Users\***\AppData\Local\Temp\0044FE8A_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.715    File: C:\Users\***\AppData\Local\Temp\00895E19_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.760    File: C:\Users\***\AppData\Local\Temp\00898651_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.830    File: C:\Users\***\AppData\Local\Temp\0109F01D_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.873    File: C:\Users\***\AppData\Local\Temp\010BBC80_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.918    File: C:\Users\***\AppData\Local\Temp\0112E093_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.966    File: C:\Users\***\AppData\Local\Temp\0143C660_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.032    File: C:\Users\***\AppData\Local\Temp\01454408_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.099    File: C:\Users\***\AppData\Local\Temp\01455EC8_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.162    File: C:\Users\***\AppData\Local\Temp\014797F1_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.226    File: C:\Users\***\AppData\Local\Temp\015136CF_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.293    File: C:\Users\***\AppData\Local\Temp\0156F6E2_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.336    File: C:\Users\***\AppData\Local\Temp\01571931_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.381    File: C:\Users\***\AppData\Local\Temp\01655B11_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.426    File: C:\Users\***\AppData\Local\Temp\0165A099_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.473    File: C:\Users\***\AppData\Local\Temp\016C017D_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.519    File: C:\Users\***\AppData\Local\Temp\017007F3_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.564    File: C:\Users\***\AppData\Local\Temp\0176265B_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.610    File: C:\Users\***\AppData\Local\Temp\0178DC90_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.656    File: C:\Users\***\AppData\Local\Temp\01B0B717_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.707    File: C:\Users\***\AppData\Local\Temp\01B474F9_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.755    File: C:\Users\***\AppData\Local\Temp\01E2F926_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.829    File: C:\Users\***\AppData\Local\Temp\01E318A8_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.879    File: C:\Users\***\AppData\Local\Temp\01E6A202_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.927    File: C:\Users\***\AppData\Local\Temp\020EC980_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.975    File: C:\Users\***\AppData\Local\Temp\02105E21_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.022    File: C:\Users\***\AppData\Local\Temp\02113250_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.067    File: C:\Users\***\AppData\Local\Temp\0219B841_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.122    File: C:\Users\***\AppData\Local\Temp\02B76796_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.174    File: C:\Users\***\AppData\Local\Temp\02B78C07_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.225    File: C:\Users\***\AppData\Local\Temp\0318F823_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.279    File: C:\Users\***\AppData\Local\Temp\03191CC3_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.359    File: C:\Users\***\AppData\Local\Temp\032055AE_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.414    File: C:\Users\***\AppData\Local\Temp\0326D2AA_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.478    File: C:\Users\***\AppData\Local\Temp\0332C64B_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.895    File: C:\Users\***\AppData\Local\Temp\oi_5PXETZwuYP\OIAssistWTD.exe  **INFECTED** Win32:SaliCode
20:07:08.566    File: C:\Users\***\AppData\Local\Temp\Temp1_depends22_x86.zip\depends.exe  **INFECTED** Win32:SaliCode
20:07:08.629    File: C:\Users\***\AppData\Local\Temp\Temp1_nethack-343-win.zip\NetHack.exe  **INFECTED** Win32:SaliCode
20:07:08.710    File: C:\Users\***\AppData\Local\Temp\windaodjc.exe  **INFECTED** Win32:Sality-GR
20:07:08.727    File: C:\Users\***\AppData\Local\Temp\winrjea.exe  **INFECTED** Win32:Sality-GR
20:07:08.746    File: C:\Users\***\AppData\Local\Temp\winvveu.exe  **INFECTED** Win32:Sality-GR
20:07:14.076    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe  **INFECTED** Win32:SaliCode
20:07:14.099    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe  **INFECTED** Win32:SaliCode
20:07:15.820    File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe  **INFECTED** Win32:SaliCode
20:07:17.409    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe  **INFECTED** Win32:SaliCode
20:07:17.424    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe  **INFECTED** Win32:Sality
20:07:17.528    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe  **INFECTED** Win32:SaliCode
20:07:17.582    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe  **INFECTED** Win32:SaliCode
20:07:20.091    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe  **INFECTED** Win32:SaliCode
20:07:20.105    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe  **INFECTED** Win32:SaliCode
20:07:20.120    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe  **INFECTED** Win32:SaliCode
20:07:20.136    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe  **INFECTED** Win32:SaliCode
20:07:20.161    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe  **INFECTED** Win32:Sality
20:07:21.632    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe  **INFECTED** Win32:Sality
20:07:25.296    File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe  **INFECTED** Win32:SaliCode
20:07:31.586    File: C:\Users\***\Desktop\Minecraft.exe  **INFECTED** Win32:SaliCode
20:07:31.776    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe  **INFECTED** Win32:SaliCode
20:07:31.836    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe  **INFECTED** Win32:Sality
20:07:31.925    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe  **INFECTED** Win32:SaliCode
20:07:36.009    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe  **INFECTED** Win32:SaliCode
20:07:36.027    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe  **INFECTED** Win32:SaliCode
20:07:36.060    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe  **INFECTED** Win32:Sality
20:07:37.123    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe  **INFECTED** Win32:SaliCode
20:07:38.047    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe  **INFECTED** Win32:Sality
20:07:38.142    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe  **INFECTED** Win32:SaliCode
20:07:38.414    AVAST engine scan C:\ProgramData
20:07:39.766    Scan finished successfully
20:10:10.073    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:10:10.077    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         


06.05.2013, 22:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm... aswMBR is showing Sality, which is a nasty piece of malware that also infects other files (file infector). If that is confirmed, you will have to delete everything and reinstall!

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


07.05.2013, 16:48   #7
Alpollo

Here is the Combofix log:
Code:
ComboFix 13-05-07.02 - *** 07.05.2013  16:36:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8173.6533 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\fraps.exe
c:\program files (x86)\fraps32.dll
c:\program files (x86)\fraps64.dat
c:\program files (x86)\fraps64.dll
c:\program files (x86)\frapslcd.dll
c:\program files (x86)\Uninstall.exe
c:\windows\SysWow64\frapsvid.dll
D:\Autorun.inf
E:\autorun.inf
F:\Autorun.inf
F:\rqhlf.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-05 09:53 . 2013-05-05 09:53	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-05-05 09:53 . 2013-05-05 09:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-05 09:53 . 2013-05-05 09:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-05 09:53 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-03 12:16 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FA1773B-B7C5-47BE-9B2B-08BAA53C94A3}\mpengine.dll
2013-05-02 20:38 . 2013-05-02 20:52	--------	d-----w-	c:\users\***\AppData\Roaming\Syncios
2013-05-02 20:38 . 2013-05-02 20:38	--------	d-----w-	c:\program files (x86)\Syncios
2013-05-02 20:29 . 2013-05-02 20:29	--------	d-----w-	c:\users\***\AppData\Local\Geckofx
2013-05-02 20:29 . 2013-05-02 20:29	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2013-04-30 22:03 . 2013-04-30 22:03	181064	----a-w-	c:\windows\PSEXESVC.EXE
2013-04-30 21:59 . 2013-04-30 21:59	--------	d-----w-	c:\windows\PSTools
2013-04-30 21:41 . 2013-04-30 21:42	--------	d-----w-	c:\users\Admin
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-26 16:14 . 2013-04-26 16:14	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\windows\symbols
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files\Microsoft Help Viewer
2013-04-26 16:14 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2013-04-26 16:12 . 2013-04-26 16:14	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-04-26 16:11 . 2013-04-26 16:11	--------	d-----w-	c:\windows\PCHEALTH
2013-04-24 11:13 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 20:05 . 2013-04-23 20:05	--------	d-----w-	C:\Python
2013-04-21 20:20 . 2013-04-21 20:20	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-04-20 19:46 . 2013-04-20 19:46	--------	d-----w-	c:\program files (x86)\Microsoft Games
2013-04-15 16:24 . 2013-04-16 17:05	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-04-10 12:26 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 12:26 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 12:26 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 12:26 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 12:26 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 12:26 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 12:26 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 12:26 . 2013-04-10 12:26	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-10 12:21 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 12:21 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 12:21 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:21 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:21 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 12:21 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-28 10:02 . 2012-10-28 16:51	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-28 10:02 . 2012-10-28 16:51	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-06 18:30 . 2013-04-06 18:30	3919872	----a-w-	c:\windows\system32\python33.dll
2013-04-06 18:29 . 2013-04-06 18:29	94208	----a-w-	c:\windows\pyw.exe
2013-04-06 18:29 . 2013-04-06 18:29	93184	----a-w-	c:\windows\py.exe
2013-03-01 16:14 . 2013-03-01 16:14	270408	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-03-01 16:14 . 2013-02-27 20:11	270408	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2012-10-28 11:47	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-28 11:47	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-12 04:12 . 2013-03-16 10:21	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-09 09:54 . 2013-01-12 20:04	1593096	----a-w-	c:\windows\SysWow64\ChilkatCrypt2.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
"Hobbyist Software VLC Streamer"="c:\program files (x86)\VLC Streamer\VLC Streamer Configuration.exe" [2013-01-09 1647128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-04-02 2220784]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2008-04-18 15744]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2013-04-02 768752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2008-04-18 214528]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2008-04-18 338304]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2008-04-18 437888]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2008-04-18 21120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 17:42	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 10:02]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 20:47]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-31 20:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k4m8hmo7.default\
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Browser Infrastructure Helper - c:\users\***\AppData\Local\Smartbar\Application\QuickShare.exe
AddRemove-Crash Free VSTI plugin - c:\program files (x86)\Crash Free VSTI plugin\uninstall.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-07  16:39:23
ComboFix-quarantined-files.txt  2013-05-07 14:39
.
Vor Suchlauf: 8 Verzeichnis(se), 12.182.274.048 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 12.711.424.000 Bytes frei
.
- - End Of File - - 4EFB1A0332FDDCC1FE8F4F01E956B9AF
         

07.05.2013, 16:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, please download aswMBR again and run it once more.

07.05.2013, 18:15   #9
Alpollo

Here is the aswMBR log...
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-06 19:52:38
-----------------------------
19:52:38.564    OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:38.564    Number of processors: 4 586 0x2A07
19:52:38.564    ComputerName: ***-PC  UserName: ***
19:52:38.904    Initialize success
20:04:14.583    AVAST engine defs: 13050501
20:05:56.387    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:05:56.390    Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
20:05:56.392    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
20:05:56.395    Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11
20:05:56.398    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
20:05:56.400    Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.404    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
20:05:56.407    Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
20:05:56.415    Disk 0 MBR read successfully
20:05:56.420    Disk 0 MBR scan
20:05:56.423    Disk 0 Windows 7 default MBR code
20:05:56.425    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:05:56.428    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
20:05:56.436    Disk 0 scanning C:\Windows\system32\drivers
20:05:58.298    Service scanning
20:06:03.434    Modules scanning
20:06:03.441    Disk 0 trace - called modules:
20:06:03.448    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
20:06:03.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060]
20:06:03.458    3 CLASSPNP.SYS[fffff880018ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007309680]
20:06:03.730    AVAST engine scan C:\Windows
20:06:04.182    AVAST engine scan C:\Windows\system32
20:06:52.434    AVAST engine scan C:\Windows\system32\drivers
20:06:54.730    AVAST engine scan C:\Users\***
20:06:57.904    File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O59L5QVH\InstallMonetizer-PriceGong_v2[1].exe  **INFECTED** Win32:SaliCode
20:06:58.084    File: C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBAYL85N\crush_vsti_5805[1].exe  **INFECTED** Win32:SaliCode
20:07:05.325    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe  **INFECTED** Win32:SaliCode
20:07:05.349    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe  **INFECTED** Win32:SaliCode
20:07:05.439    File: C:\Users\***\AppData\Local\Temp\0038258A_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.491    File: C:\Users\***\AppData\Local\Temp\00385457_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:05.537    File: C:\Users\***\AppData\Local\Temp\0041120A_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:05.582    File: C:\Users\***\AppData\Local\Temp\00414FC5_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.627    File: C:\Users\***\AppData\Local\Temp\0044D02B_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.671    File: C:\Users\***\AppData\Local\Temp\0044FE8A_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.715    File: C:\Users\***\AppData\Local\Temp\00895E19_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.760    File: C:\Users\***\AppData\Local\Temp\00898651_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.830    File: C:\Users\***\AppData\Local\Temp\0109F01D_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.873    File: C:\Users\***\AppData\Local\Temp\010BBC80_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.918    File: C:\Users\***\AppData\Local\Temp\0112E093_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:05.966    File: C:\Users\***\AppData\Local\Temp\0143C660_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.032    File: C:\Users\***\AppData\Local\Temp\01454408_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.099    File: C:\Users\***\AppData\Local\Temp\01455EC8_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.162    File: C:\Users\***\AppData\Local\Temp\014797F1_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.226    File: C:\Users\***\AppData\Local\Temp\015136CF_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.293    File: C:\Users\***\AppData\Local\Temp\0156F6E2_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.336    File: C:\Users\***\AppData\Local\Temp\01571931_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.381    File: C:\Users\***\AppData\Local\Temp\01655B11_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.426    File: C:\Users\***\AppData\Local\Temp\0165A099_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.473    File: C:\Users\***\AppData\Local\Temp\016C017D_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.519    File: C:\Users\***\AppData\Local\Temp\017007F3_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.564    File: C:\Users\***\AppData\Local\Temp\0176265B_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.610    File: C:\Users\***\AppData\Local\Temp\0178DC90_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.656    File: C:\Users\***\AppData\Local\Temp\01B0B717_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:06.707    File: C:\Users\***\AppData\Local\Temp\01B474F9_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.755    File: C:\Users\***\AppData\Local\Temp\01E2F926_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.829    File: C:\Users\***\AppData\Local\Temp\01E318A8_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.879    File: C:\Users\***\AppData\Local\Temp\01E6A202_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.927    File: C:\Users\***\AppData\Local\Temp\020EC980_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:06.975    File: C:\Users\***\AppData\Local\Temp\02105E21_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.022    File: C:\Users\***\AppData\Local\Temp\02113250_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.067    File: C:\Users\***\AppData\Local\Temp\0219B841_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.122    File: C:\Users\***\AppData\Local\Temp\02B76796_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.174    File: C:\Users\***\AppData\Local\Temp\02B78C07_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.225    File: C:\Users\***\AppData\Local\Temp\0318F823_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.279    File: C:\Users\***\AppData\Local\Temp\03191CC3_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.359    File: C:\Users\***\AppData\Local\Temp\032055AE_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.414    File: C:\Users\***\AppData\Local\Temp\0326D2AA_Rar\legoria3.exe  **INFECTED** Win32:SaliCode
20:07:07.478    File: C:\Users\***\AppData\Local\Temp\0332C64B_Rar\legoria3.exe  **INFECTED** Win32:Sality
20:07:07.895    File: C:\Users\***\AppData\Local\Temp\oi_5PXETZwuYP\OIAssistWTD.exe  **INFECTED** Win32:SaliCode
20:07:08.566    File: C:\Users\***\AppData\Local\Temp\Temp1_depends22_x86.zip\depends.exe  **INFECTED** Win32:SaliCode
20:07:08.629    File: C:\Users\***\AppData\Local\Temp\Temp1_nethack-343-win.zip\NetHack.exe  **INFECTED** Win32:SaliCode
20:07:08.710    File: C:\Users\***\AppData\Local\Temp\windaodjc.exe  **INFECTED** Win32:Sality-GR
20:07:08.727    File: C:\Users\***\AppData\Local\Temp\winrjea.exe  **INFECTED** Win32:Sality-GR
20:07:08.746    File: C:\Users\***\AppData\Local\Temp\winvveu.exe  **INFECTED** Win32:Sality-GR
20:07:14.076    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe  **INFECTED** Win32:SaliCode
20:07:14.099    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe  **INFECTED** Win32:SaliCode
20:07:15.820    File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe  **INFECTED** Win32:SaliCode
20:07:17.409    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe  **INFECTED** Win32:SaliCode
20:07:17.424    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe  **INFECTED** Win32:Sality
20:07:17.528    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe  **INFECTED** Win32:SaliCode
20:07:17.582    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe  **INFECTED** Win32:SaliCode
20:07:20.091    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe  **INFECTED** Win32:SaliCode
20:07:20.105    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe  **INFECTED** Win32:SaliCode
20:07:20.120    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe  **INFECTED** Win32:SaliCode
20:07:20.136    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe  **INFECTED** Win32:SaliCode
20:07:20.161    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe  **INFECTED** Win32:Sality
20:07:21.632    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe  **INFECTED** Win32:Sality
20:07:25.296    File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe  **INFECTED** Win32:SaliCode
20:07:31.586    File: C:\Users\***\Desktop\Minecraft.exe  **INFECTED** Win32:SaliCode
20:07:31.776    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe  **INFECTED** Win32:SaliCode
20:07:31.836    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe  **INFECTED** Win32:Sality
20:07:31.925    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe  **INFECTED** Win32:SaliCode
20:07:36.009    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe  **INFECTED** Win32:SaliCode
20:07:36.027    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe  **INFECTED** Win32:SaliCode
20:07:36.060    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe  **INFECTED** Win32:Sality
20:07:37.123    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe  **INFECTED** Win32:SaliCode
20:07:38.047    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe  **INFECTED** Win32:Sality
20:07:38.142    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe  **INFECTED** Win32:SaliCode
20:07:38.414    AVAST engine scan C:\ProgramData
20:07:39.766    Scan finished successfully
20:10:10.073    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:10:10.077    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 17:42:25
-----------------------------
17:42:25.239    OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:25.239    Number of processors: 4 586 0x2A07
17:42:25.240    ComputerName: ***-PC  UserName: ***
17:42:25.539    Initialize success
17:54:06.080    AVAST engine defs: 13050700
17:54:11.173    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:54:11.176    Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
17:54:11.179    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
17:54:11.181    Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11
17:54:11.184    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
17:54:11.186    Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
17:54:11.190    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
17:54:11.193    Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
17:54:11.202    Disk 0 MBR read successfully
17:54:11.206    Disk 0 MBR scan
17:54:11.212    Disk 0 Windows 7 default MBR code
17:54:11.214    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:54:11.218    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
17:54:11.227    Disk 0 scanning C:\Windows\system32\drivers
17:54:13.097    Service scanning
17:54:18.135    Modules scanning
17:54:18.142    Disk 0 trace - called modules:
17:54:18.150    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:54:18.155    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060]
17:54:18.160    3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800730c060]
17:54:18.477    AVAST engine scan C:\Windows
17:54:19.082    AVAST engine scan C:\Windows\system32
17:55:08.325    AVAST engine scan C:\Windows\system32\drivers
17:55:10.642    AVAST engine scan C:\Users\***
17:55:20.718    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe  **INFECTED** Win32:SaliCode
17:55:20.740    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe  **INFECTED** Win32:SaliCode
17:55:25.981    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe  **INFECTED** Win32:SaliCode
17:55:26.007    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe  **INFECTED** Win32:SaliCode
17:55:27.294    File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe  **INFECTED** Win32:SaliCode
17:55:28.740    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe  **INFECTED** Win32:SaliCode
17:55:28.754    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe  **INFECTED** Win32:Sality
17:55:28.857    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe  **INFECTED** Win32:SaliCode
17:55:28.908    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe  **INFECTED** Win32:SaliCode
17:55:31.427    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe  **INFECTED** Win32:SaliCode
17:55:31.441    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe  **INFECTED** Win32:SaliCode
17:55:31.465    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe  **INFECTED** Win32:SaliCode
17:55:31.483    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe  **INFECTED** Win32:SaliCode
17:55:31.516    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe  **INFECTED** Win32:Sality
17:55:33.296    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe  **INFECTED** Win32:Sality
17:55:37.942    File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe  **INFECTED** Win32:SaliCode
17:55:46.328    File: C:\Users\***\Desktop\Minecraft.exe  **INFECTED** Win32:SaliCode
17:55:46.528    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe  **INFECTED** Win32:SaliCode
17:55:46.593    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe  **INFECTED** Win32:Sality
17:55:46.677    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe  **INFECTED** Win32:SaliCode
17:55:51.206    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe  **INFECTED** Win32:SaliCode
17:55:51.228    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe  **INFECTED** Win32:SaliCode
17:55:51.263    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe  **INFECTED** Win32:Sality
17:55:52.308    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe  **INFECTED** Win32:SaliCode
17:55:53.346    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe  **INFECTED** Win32:Sality
17:55:53.455    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe  **INFECTED** Win32:SaliCode
17:55:53.765    AVAST engine scan C:\ProgramData
17:55:55.166    Scan finished successfully
18:13:55.499    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:13:55.502    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
Sorry, that was the wrong log just now, it was the OLD one, please disregard it...
Here is the correct log:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 17:42:25
-----------------------------
17:42:25.239    OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:25.239    Number of processors: 4 586 0x2A07
17:42:25.240    ComputerName: ***-PC  UserName: ***
17:42:25.539    Initialize success
17:54:06.080    AVAST engine defs: 13050700
17:54:11.173    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:54:11.176    Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
17:54:11.179    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
17:54:11.181    Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 11
17:54:11.184    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
17:54:11.186    Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
17:54:11.190    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
17:54:11.193    Disk 3 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 11
17:54:11.202    Disk 0 MBR read successfully
17:54:11.206    Disk 0 MBR scan
17:54:11.212    Disk 0 Windows 7 default MBR code
17:54:11.214    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:54:11.218    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
17:54:11.227    Disk 0 scanning C:\Windows\system32\drivers
17:54:13.097    Service scanning
17:54:18.135    Modules scanning
17:54:18.142    Disk 0 trace - called modules:
17:54:18.150    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:54:18.155    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007530060]
17:54:18.160    3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800730c060]
17:54:18.477    AVAST engine scan C:\Windows
17:54:19.082    AVAST engine scan C:\Windows\system32
17:55:08.325    AVAST engine scan C:\Windows\system32\drivers
17:55:10.642    AVAST engine scan C:\Users\***
17:55:20.718    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe  **INFECTED** Win32:SaliCode
17:55:20.740    File: C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe  **INFECTED** Win32:SaliCode
17:55:25.981    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe  **INFECTED** Win32:SaliCode
17:55:26.007    File: C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe  **INFECTED** Win32:SaliCode
17:55:27.294    File: C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe  **INFECTED** Win32:SaliCode
17:55:28.740    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe  **INFECTED** Win32:SaliCode
17:55:28.754    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe  **INFECTED** Win32:Sality
17:55:28.857    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe  **INFECTED** Win32:SaliCode
17:55:28.908    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe  **INFECTED** Win32:SaliCode
17:55:31.427    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe  **INFECTED** Win32:SaliCode
17:55:31.441    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe  **INFECTED** Win32:SaliCode
17:55:31.465    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe  **INFECTED** Win32:SaliCode
17:55:31.483    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe  **INFECTED** Win32:SaliCode
17:55:31.516    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe  **INFECTED** Win32:Sality
17:55:33.296    File: C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe  **INFECTED** Win32:Sality
17:55:37.942    File: C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe  **INFECTED** Win32:SaliCode
17:55:46.328    File: C:\Users\***\Desktop\Minecraft.exe  **INFECTED** Win32:SaliCode
17:55:46.528    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe  **INFECTED** Win32:SaliCode
17:55:46.593    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe  **INFECTED** Win32:Sality
17:55:46.677    File: C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe  **INFECTED** Win32:SaliCode
17:55:51.206    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe  **INFECTED** Win32:SaliCode
17:55:51.228    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe  **INFECTED** Win32:SaliCode
17:55:51.263    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe  **INFECTED** Win32:Sality
17:55:52.308    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe  **INFECTED** Win32:SaliCode
17:55:53.346    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe  **INFECTED** Win32:Sality
17:55:53.455    File: C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe  **INFECTED** Win32:SaliCode
17:55:53.765    AVAST engine scan C:\ProgramData
17:55:55.166    Scan finished successfully
18:13:55.499    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:13:55.502    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
21:14:18.292    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:14:18.495    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
21:14:47.973    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:14:47.977    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Alt 07.05.2013, 21:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

As a check, please run a full scan with Malwarebytes - before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 08.05.2013, 16:03   #11
Alpollo
 

Malwarebytes log...
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

07.05.2013 21:50:24
mbam-log-neu.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 523171
Laufzeit: 20 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\F\rqhlf.exe.vir (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
D:\ufllh.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
E:\hwasc.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
And ESET Online Scanner...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31dfb196065b194b9ce08c8a19fd28c4
# engine=13783
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-08 01:47:19
# local_time=2013-05-08 03:47:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 437436 119650689 0 0
# scanned=271391
# found=289
# cleaned=0
# scan_time=4128
sh=0A431528D75FC13607CC476A9ED40D6FBC0FF05A ft=1 fh=f03b0e64cb491cd2 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\JDownloader.exe"
sh=62257721D75C4D6C098CBF2D2F2A482D4291A497 ft=1 fh=cd5b5eae4e923944 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\JDownloaderBETA.exe"
sh=F94395BA3A43B0AF61B63CBEABAC10083D4CB9BE ft=1 fh=33a2084df6712d6c vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\JDownloaderD3D.exe"
sh=9DC2F7E4E4C61B8591F640538CEB20F5F4757307 ft=1 fh=105c855ba29f26bd vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\JDUninstall.exe"
sh=5D4C93446AB81E224A4B7F09AF80CF6A3309F02D ft=1 fh=03c13b8b7e2bd052 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\JDUpdate.exe"
sh=BD852B6AD82D76573D49217EE37411CC7D432467 ft=1 fh=ac919e9a9b6e4e4f vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\plugins\jdshutdown\windows\shutdown.exe"
sh=C1D057C5BB3A3E89E077C71364DC7A3AB9F0C2C8 ft=1 fh=26231981c8729169 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\tools\Windows\kikin\kikin_installer.exe"
sh=4AA035FC4BD61719DE2F5FF4768D19F64B85BDBA ft=1 fh=beae99e2df10c4c4 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\JDownloader\tools\Windows\unrarw32\unrar.exe"
sh=C8D17827A20A260A4FCC616F317EAC5CCC37779B ft=1 fh=acb8ccbcdecebcdf vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\ar505deu.exe"
sh=0632E4CB4502E7380F6DF489999190E74E712E62 ft=1 fh=708671167c59c05b vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\autopatcher.exe"
sh=4669B32E732F911AAE0467450D154AD71B60094C ft=1 fh=cb8503a64798ddbb vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\chktrust.exe"
sh=B267B5D22C0E662258C93FAEE44FB00EA88B1672 ft=1 fh=2bab4c4a6f07373d vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\dw15.exe"
sh=A17EA46265CE73FD64BE32A14747D4F581250FE2 ft=1 fh=86f7a0937f83a6b1 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\gfxinfo.exe"
sh=3B30094E501BCDC9FC1F89D912C6BDC283CD70BB ft=1 fh=f8189ece8cbfcb5e vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\instapup.exe"
sh=3415ACEC0384AEC58EADA59672888E9B89994421 ft=1 fh=328d50d15575edb0 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\movieplayer.exe"
sh=D9DA1B169D808A802666629F7F62CD0220B623F7 ft=1 fh=81b00f24c40d94b2 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Microsoft Games\Age of Mythology\UNINSTAL.EXE"
sh=F7138792841C016C20FF8D144123CC4567022676 ft=1 fh=eb872c2909a8417f vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Afterfall InSanity\Binaries\Win32\UE3ShaderCompileWorker.exe"
sh=F1D64238A13248E5619FFACFC5845F03B33E5C62 ft=1 fh=9d00c2c2eb740b43 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Afterfall InSanity\redist\amdcpusetup.exe"
sh=6B4973A561993EA2084715F14EFE1134DFF2437A ft=1 fh=9be4e587a0adacdb vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Afterfall InSanity\redist\vcredist_x64.exe"
sh=90F3F6FF5D8E4249F8BB2744EC558BD0C875FB11 ft=1 fh=4e988ce1aa83f7bb vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Afterfall InSanity\redist\vcredist_x86.exe"
sh=EE84B1458DC147F9FBAC03C570A8124730A706F0 ft=1 fh=72c63df5cfc6d673 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Afterfall InSanity\redist\dotnet\Helper.exe"
sh=6890E9A2DA8DEBA4FC59ECE43D37CF4180840CBA ft=1 fh=17e3cf56e8338d15 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\DeathRally\DeathRally.exe"
sh=C430F3A1CF4FCF5342FE4BB99C0E2D64D6C5A49A ft=1 fh=bc23f51addb9401d vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\DeathRally\thirdparty\Studio_Redistributable\vcredist_x86.exe"
sh=AAEA27126BABBED907B0057C5A50996396505397 ft=1 fh=51a4736457526859 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe"
sh=7E25953637392A57A058563922FD7047049D030A ft=1 fh=153d765cf0753350 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\Components\vcredist_x86.exe"
sh=2BF2FE8AA4A59984F330570B627E5269F07B99E9 ft=1 fh=e0d9ff1503bf1027 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe"
sh=39A871305E80E6B88551DDE2161B400D6E17E9E1 ft=1 fh=2640cf297cfaf1c1 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\bin\demoinfo.exe"
sh=A079C0793FF7CFE816EECC648197E2D07107C9E1 ft=1 fh=11f48c21e7443655 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\bin\makevmt.exe"
sh=A6FBA8CF46128B0EFBFDCF114637B5EF3DCCC581 ft=1 fh=7d01d7dedec8f453 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe"
sh=A9EC59579545BB8AF38D0222F55E01682D7DD018 ft=1 fh=eccc7da87aae245b vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\exec.exe"
sh=0CD197569089655E21DA9F8528BC7A83DBC427AF ft=1 fh=ce09d8664347cc23 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\loaddll.exe"
sh=318DD05C4513D67AED941813A5FDF59248955789 ft=1 fh=d8a17d54895f3461 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\pnpscan.exe"
sh=5899DEE1792EFBF7D165B2DA71BD99FAECC799C6 ft=1 fh=5cb6338cb64993ba vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\Primary.exe"
sh=002FF4485E6CBE0DADCADD31474C6C2C78FC7293 ft=1 fh=beaa8ac719529743 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\UNHLPdeu.EXE"
sh=C3C2B4B70F527F97B1AFB53C976AE508E7C9A369 ft=1 fh=eb367f5a9c740058 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\UNSftPVR.EXE"
sh=697570D82920D9299E4CD51CA51F3B8D56B12C92 ft=1 fh=9675ebc677e63456 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\UNTV6.EXE"
sh=DDCD9F035CD5D0F622A73146CC0A43EDCE789A29 ft=1 fh=10849a56b18c4ea4 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\WinTV.exe"
sh=A28DC0B3FF6DF625D1C1BAF710445EA9910E5CEA ft=1 fh=b4cca409c64cd961 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\Scheduler\pvrfile_applet.exe"
sh=1E62008DFAD057BE1EDBBF91C1F3F34D53FDAFE0 ft=1 fh=0f38dba510b356a5 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\Scheduler\scheduler.exe"
sh=715D6B522B9204B3BD67D6D065332E8B4BEDA754 ft=1 fh=2f57b77b9a6dc1e4 vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\Scheduler\StayAwake.exe"
sh=4F59F8F890B126AC599CA701EC53E1DF21810302 ft=1 fh=4c2254295fa4d2ad vn="Win32/Sality.NBA virus" ac=I fn="C:\Program Files (x86)\WinTV\Scheduler\uniSCHED.exe"
sh=8279284594BAB435468125A6497BEDEB4F34B2B2 ft=1 fh=43dce4331e542c35 vn="Win32/Sality.NBA virus" ac=I fn="C:\Python\Lib\distutils\command\wininst-10.0.exe"
sh=2C6E8F78A9FCC1B2B4CCA346688D7956D311873C ft=1 fh=2543d8d568ef9325 vn="Win32/Sality.NBA virus" ac=I fn="C:\Python\Lib\distutils\command\wininst-6.0.exe"
sh=D8793AE6EF49ABE5EF1E9DBEFAB60A5D70AA8BA5 ft=1 fh=0f60927b9256ad85 vn="Win32/Sality.NBA virus" ac=I fn="C:\Python\Lib\distutils\command\wininst-7.1.exe"
sh=982AC4359E083E4B775D5E1A15C9FB0D67EF7111 ft=1 fh=23e6924871d4cb0c vn="Win32/Sality.NBA virus" ac=I fn="C:\Python\Lib\distutils\command\wininst-8.0.exe"
sh=A5ED398EA6DB57FC1B5153924E88CCCD4239AD7F ft=1 fh=d887f627eebac0eb vn="Win32/Sality.NBA virus" ac=I fn="C:\Python\Lib\distutils\command\wininst-9.0.exe"
sh=397BE7CEDAFF9B9C619C0DEF277D23AE65E47E5D ft=1 fh=6376f3c7a313b98a vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIND3NHU\Firefox%20Setup%2016.0.2[1].exe"
sh=C44BB09EF33BDE4BA039ED814C0423A7CC75CC53 ft=1 fh=3fd7836493e7f8c7 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrA.exe"
sh=F8D159BE1ACEF8EDBAEEFC48C5274B169F85FD65 ft=1 fh=2a0e98ab0653e9a9 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Local\PunkBuster\ACB\pb\PnkBstrB.exe"
sh=05772EDA187B39DB0257B65AD8ACAD00EFA6238E ft=1 fh=274e05c5d4005fcc vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe"
sh=9668A9AB3432823569330626C7BA205C57FE8C9C ft=1 fh=442532bdad4857f2 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe"
sh=619AF7DF581CBB626FF024B342C8E6CB23E1776B ft=1 fh=208da11b941a2bbf vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe"
sh=45141D8DEAB1887FDB25EA1256EE66410AEEF358 ft=1 fh=41a7a756da343b14 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\Minecraft.exe"
sh=B88D58656E3363B4DDDD1287B900A4DB22A7A2F7 ft=1 fh=970f102f0a61c92d vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper-console.exe"
sh=0F6DF47A422F9EC60329F76B8D8C3331C0ED3C96 ft=1 fh=8c2807fe65398639 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\gspawn-win32-helper.exe"
sh=D1CE92F8753175E7759C1C50C414B1970D410216 ft=1 fh=29aabdd640323a38 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkscape.exe"
sh=EAF958A632A3C601D98E4683795719AD2E23F31A ft=1 fh=722e6dd5ebb97352 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\inkview.exe"
sh=B1E164EB48E3B11CE6F0035DAA5CCE284C5B5430 ft=1 fh=e3a415000c2df8a7 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\pythonw.exe"
sh=43643AE6552F61B2C5A1CBCE7C88F7784125590E ft=1 fh=f077a79d1808aa64 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.0.exe"
sh=837E94905872558F05514661E3BF1880949A7AD1 ft=1 fh=4e396dc05e7a4ca2 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-6.exe"
sh=214BA2216D86B94FEEF5A265E4518354574A4C44 ft=1 fh=f3c8b965dda4c201 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-7.1.exe"
sh=0434F86F38E20D32EF61F978B4F615F81B939F7E ft=1 fh=93bd5d027547e7a9 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-8.0.exe"
sh=84FE47208FFA0EE7AF5E0BB857C44B977733C8D2 ft=1 fh=f7340282af20c9b4 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\***\JK\InkscapePortable\App\Inkscape\python\Lib\distutils\command\wininst-9.0.exe"
sh=E50F34E93EA7285AA200E949197A80E66DFA9FBC ft=1 fh=f65efba38fed6515 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe"
sh=BBD7C078785AAA2067E790F81B681A0E25B18B8E ft=1 fh=ee7ff4f2f4cf7062 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\Shaiya\Shaiya-DE\CONFIG.exe"
sh=31097BEA65C020E1457187CC64FB454275DD8CFA ft=1 fh=15808f466c6725bd vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\Shaiya\Shaiya-DE\game.exe"
sh=B3A1E75E12CE393B394CF99D90AB607C81F99F8D ft=1 fh=09c03e8960993584 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Desktop\Shaiya\Shaiya-DE\Updater.exe"
sh=A3B859EEE8E2341BC2ADEF1DAD0D91BF857334DA ft=1 fh=78bc910555074eab vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\qsampler.exe"
sh=0033CC522F898434A46847D0F21C2860DBE41579 ft=1 fh=56c38665cc680ba4 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\uninstall.exe"
sh=BF0E98B4A64C1C9901DE3AD0EFA5F0FB4DBBC4BF ft=1 fh=69b04151b8eed50c vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\dlsdump.exe"
sh=04311C46C556EA4059D561C4C5118D6C150206E4 ft=1 fh=799fdcbbe94795e2 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigdump.exe"
sh=3D72ABD73695D413FC0189AD7431C7FAB9642291 ft=1 fh=1bd4ae5014bf9a79 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\gigextract.exe"
sh=B82DE06795CE7ED368EBF08B32B1B1527C0894F6 ft=1 fh=586f1e4b1bf32409 vn="Win32/Sality.NBA virus" ac=I fn="C:\Users\***\Musik\VSTPlugins\LinuxSampler\32\rifftree.exe"
sh=53C3D9AA50D68338448D12D0496FD4F6DC337ECE ft=1 fh=74b588adf1cecf0b vn="Win32/Sality.NBA virus" ac=I fn="D:\Program Files\Skype\Phone\Skype.exe"
sh=1FB1388F7AA3B5215F71F82D5AD825488D84758D ft=1 fh=5f14c319cebad59f vn="Win32/Sality.NBA virus" ac=I fn="E:\Downloads\Bochs-2.5.1.exe"
sh=E260B9ACC26C35662414416AF0E997F6218F06DA ft=1 fh=af133312811bfb2f vn="Win32/Sality.NBA virus" ac=I fn="E:\Downloads\mbam-setup-1.75.0.1300.exe"
sh=31EF85EF7D0F7EF6C747ED248AFCFC0774D83098 ft=1 fh=3d086cb09098ce07 vn="Win32/Sality.NBA virus" ac=I fn="E:\Downloads\openvpn-install-2.3.0-I004-i686.exe"
sh=098FE77DADA6A5417DA49A835635CF52A44BFF13 ft=1 fh=ebd5c10d3957b4d2 vn="Win32/Sality.NBA virus" ac=I fn="E:\Downloads\OpenVPNPortable_1.8.2.paf.exe"

08.05.2013, 16:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Sorry, but your system is done for; Sality has certainly infected even more files...

Please follow the article on reinstalling Windows.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

08.05.2013, 16:55   #13
Alpollo

Well, I didn't have much hope anyway; without you I would have wiped the system completely in any case... But thank you for taking the time for me. You all do really great work here. I would like to help too, but apparently there are no training courses at the moment...

Big thanks to you!

08.05.2013, 23:15   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good, thanks for your words

Please remember that under no circumstances may you back up EXE files that have been processed by this system.

You can make a backup of your data, but please ONLY via a Linux-based rescue medium such as PartedMagic or Knoppix, and then please back up only pure data files such as music, videos and personal documents, but please NO executable files (programs/games/setup files).

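The backup rule from post #14, as an added example that is not part of the thread: a Python 3 script, assumed to be run from the Linux rescue system with the Windows partition mounted read-only, that copies only allow-listed data file types and also skips any file whose content starts with an executable header. The extension list, function names and paths are assumptions for illustration.

```python
"""Copy only allow-listed data files from a mounted Windows partition."""
import shutil
import sys
from pathlib import Path

# Assumption: extensions treated as "pure data"; adjust to your own files.
DATA_EXTENSIONS = {
    ".mp3", ".flac", ".ogg", ".wav",          # music
    ".mp4", ".mkv", ".avi",                   # videos
    ".jpg", ".jpeg", ".png",                  # pictures
    ".txt", ".pdf", ".odt", ".ods", ".csv",   # personal documents
}


def looks_executable(path):
    """True if the content starts with a PE ('MZ') or ELF header,
    whatever the file name claims. File infectors target such files."""
    with open(path, "rb") as fh:
        magic = fh.read(4)
    return magic[:2] == b"MZ" or magic == b"\x7fELF"


def backup_data_files(source, target):
    """Copy allow-listed files; return (copied, skipped) as relative paths."""
    source, target = Path(source), Path(target)
    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source)
        # Skip by name (not on the allow-list) or by content (executable header).
        if path.suffix.lower() not in DATA_EXTENSIONS or looks_executable(path):
            skipped.append(str(rel))
            continue
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)
        copied.append(str(rel))
    return copied, skipped


if __name__ == "__main__":
    # Usage: script.py <mounted source directory> <backup target directory>
    done, left = backup_data_files(sys.argv[1], sys.argv[2])
    print(f"copied {len(done)} files, skipped {len(left)}")
    for name in left:
        print("skipped:", name)
```

Files such as `autorun.inf` and every `.exe` end up in the skipped list, as does a renamed executable carrying a data extension; review that list before wiping the disk.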