
Pests of all kinds and how to fight them: GVU virus again


16.05.2013, 21:15   #1
Sentencer
 
GVU virus again - Standard




Hello,

I already had the GVU once before and was able to remove it with Kaspersky's Rescue Disk 10.
Now, after 2 months, I have it again, but Kaspersky no longer helps!
Yes, I downloaded the latest Rescue Disk just today, directly from their homepage.

I have Windows 7 64 bit

What else can I try?

Regards

16.05.2013, 23:25   #2
markusg
/// Malware-holic
 



Hi
can you get to a PC with a burner?
download:
ISO Burner - Download - Filepony
isoburner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to make your computer boot from the CD,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy the following content into the textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Click Run Scan to start the scan.
• When it is finished the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
post both logs
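The OTL log that this script produces lists autoruns as O4 lines, policy keys as O6 lines and recent files as bracketed "[date | size | attrs | C/M] (company) -- path" entries. The Python below is an added triage helper, not code from the forum, the helper or OTL's author: it parses those three record types and flags the patterns an analyst checks first (persistence from user-writable paths, generated value names, policy-enforced Run keys, UAC switched off, system-binary names outside the Windows directory). The sample lines are copied from the log posted later in this thread plus two benign ones; the heuristics and thresholds are my own assumptions, not OTL features.

```python
import re
from typing import List, Tuple

# OTL record types handled here: O4 autorun entries, O6 policy entries and the
# bracketed "[date | size | attrs | C/M] (company) -- path" file listings.
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>.+?) = (?P<data>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|(?P<size>[^|]+)\|(?P<attr>[^|]+)\|\s*[CM]\]\s*"
    r"\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$"
)

# Locations a standard user can write to; persistence from here deserves a look (assumed list).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\", "\\temp\\", "\\appdata\\")
# Names of core Windows binaries that malware likes to borrow (assumed list).
SYSTEM_NAMES = {"lsass.exe", "winlogon.exe", "userinit.exe", "csrss.exe",
                "svchost.exe", "services.exe", "explorer.exe"}

# Constructed sample: lines copied from the OTL log posted in this thread plus two benign ones.
SAMPLE_LOG = [
    r"O4 - HKU\Sentencer_ON_I..\Run: [Steam] I:\games\Steam\Steam.exe (Valve Corporation)",
    r"O4 - HKU\Sentencer_ON_I..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] I:\Users\Sentencer\Documents\4848370d.exe ()",
    r"O4 - HKLM..\Run: []  File not found",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41975 = C:\PROGRA~3\LOCALS~1\Temp\msuouoxqc.pif",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"[2012/10/01 18:08:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\lsass.exe",
    r"[2013/05/15 16:20:28 | 000,163,070 | ---- | M] () -- I:\Users\Sentencer\AppData\Roaming\2433f433",
    r"[2013/05/15 16:20:26 | 000,025,088 | ---- | M] () -- I:\Users\Sentencer\Documents\4848370d.exe",
    r"[2013/05/15 14:28:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe",
]


def split_target(rest: str) -> Tuple[str, str]:
    """Split 'I:\\path\\x.exe (Company)' into (path, company); '()' means no company string."""
    m = re.match(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)\s*$", rest)
    if m:
        return m.group("target").strip(), m.group("company").strip()
    return rest.strip(), ""


def looks_random(name: str) -> bool:
    """Long lowercase alphanumeric blobs mixing letters and digits, as generated autorun names do."""
    return (len(name) >= 16 and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, detail) pairs for every OTL line that matches a triage heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log_lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target, company = split_target(m.group("rest"))
            if looks_random(m.group("name")):
                findings.append(("random autorun value name", m.group("name")))
            if any(d in target.lower() for d in USER_WRITABLE) and not company:
                findings.append(("autorun from user-writable path without company name", target))
            continue
        m = O6_RE.match(line)
        if m:
            key, value, data = m.group("key"), m.group("value"), m.group("data").strip()
            if key.lower().endswith("policies\\explorer\\run"):
                # Policy Run keys are rarely used legitimately and survive msconfig-style cleanups.
                findings.append(("policy-enforced Run entry", data))
            if value == "EnableLUA" and data == "0":
                findings.append(("UAC disabled (EnableLUA = 0)", key))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            base = path.rsplit("\\", 1)[-1].lower()
            stem = base.rsplit(".", 1)[0]
            # The company string comes from the file's own version resource, so a copied
            # "Microsoft Corporation" proves nothing; the location is what matters here.
            if base in SYSTEM_NAMES and "\\windows\\" not in path.lower():
                findings.append(("system binary name outside the Windows directory", path))
            elif re.fullmatch(r"[0-9a-f]{8}", stem) and any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("hex-named file in user-writable location", path))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

Feed it the full OTL log line by line; anything it flags is a starting point for the manual review, not a verdict.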

17.05.2013, 07:32   #3
Sentencer
 



OK thanks, I'll give it a try!

Regards

17.05.2013, 11:43   #4
markusg
/// Malware-holic
 



please leave out such interim posts, thanks

19.05.2013, 17:36   #5
Sentencer
 



Hi,

"• Double-click the OTLPE icon."

after that I am prompted to select a directory, "Browse for folder"

whatever I do:
RunScanner Error
Target is not windows 2000 or later

What now?

Regards


19.05.2013, 18:43   #6
markusg
/// Malware-holic
 



Hi
expand everything, look for the Windows folder, click on it and off you go

19.05.2013, 19:26   #7
Sentencer
 



OK, done, and it works.

Next problem:
the infected computer doesn't recognize any USB stick, I've already tried several.
Copying the code by hand is a bit tedious, and the internet doesn't work either.
What can I do now?

OK, after a restart the computer recognizes the USB stick.

Now the log: OTL Logfile:
Code:
OTL logfile created on: 5/19/2013 10:47:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.32 Mb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive D: | 3.60 Gb Total Space | 3.60 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive I: | 921.17 Gb Total Space | 442.72 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
Drive J: | 10.24 Gb Total Space | 1.92 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 06:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 06:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/15 14:28:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 18:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/23 11:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto] -- I:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/10 06:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- I:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/15 18:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- I:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 08:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- I:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 07:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto] -- I:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/03/21 13:24:04 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/03 17:39:57 | 000,076,888 | ---- | M] () [Auto] -- I:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 10:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/11/15 18:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- I:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 08:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System] -- I:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/14 22:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- I:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/01 22:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- I:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/20 22:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- I:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/20 22:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- I:\Windows\System32\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/13 22:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- I:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 05:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- I:\Windows\System32\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 02:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/03 04:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 04:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/01/03 04:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/01/03 04:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/12/21 01:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/20 14:37:23 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/02 16:56:38 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/02 16:56:38 | 000,043,680 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 17:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\netr28x.sys -- (netr28x)
DRV - [2012/05/08 09:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- I:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Sentencer_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\Sentencer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\Sentencer_ON_I\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - Reg Error: Key error. File not found
IE - HKU\Sentencer_ON_I\..\URLSearchHook: {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - Reg Error: Key error. File not found
IE - HKU\Sentencer_ON_I\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\Sentencer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sentencer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\UpdatusUser_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_I\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: I:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.110.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: I:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0: I:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: I:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: I:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/26 09:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/02 06:44:02 | 000,000,000 | ---D | M]
 
[2011/12/26 18:02:43 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/24 14:20:10 | 000,000,000 | ---D | M] (Click to call with Skype) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/31 12:22:58 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/25 15:38:57 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/04/13 23:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/31 12:53:33 | 000,238,776 | ---- | M] (Pando Networks) -- I:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2009/12/02 04:31:53 | 000,001,392 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009/12/02 04:31:53 | 000,002,344 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009/12/02 04:31:53 | 000,006,805 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/12/02 04:31:53 | 000,001,178 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/12/02 04:31:53 | 000,000,801 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - I:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (YouTubeAnywhere) - {8015C430-448C-4003-A969-274F7F0F2D9C} - I:\Users\Sentencer\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll (Diego Casorran)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - I:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\Sentencer_ON_I\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - I:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] I:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] I:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] I:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] I:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] I:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] I:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] I:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] I:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SearchSettings] I:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] I:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Sentencer_ON_I..\Run: [DAEMON Tools Lite] I:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Sentencer_ON_I..\Run: [KiesHelper] I:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\Sentencer_ON_I..\Run: [KiesPDLR] I:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Sentencer_ON_I..\Run: [KiesTrayAgent] I:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Sentencer_ON_I..\Run: [Pando Media Booster] I:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Sentencer_ON_I..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] I:\Users\Sentencer\Documents\4848370d.exe ()
O4 - HKU\Sentencer_ON_I..\Run: [Steam] I:\games\Steam\Steam.exe (Valve Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\Sentencer_ON_I..\RunOnce: [osk.exe] I:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41975 = C:\PROGRA~3\LOCALS~1\Temp\msuouoxqc.pif
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Sentencer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Sentencer_ON_I Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 17:53:49 | 000,000,000 | -HSD | C] -- I:\found.000
[2012/10/01 18:08:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\lsass.exe
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/16 16:45:16 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/05/16 16:44:16 | 000,001,112 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 16:44:06 | 529,854,463 | -HS- | M] () -- I:\hiberfil.sys
[2013/05/16 16:28:00 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 00:18:00 | 000,001,116 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/15 17:56:12 | 000,003,480 | ---- | M] () -- I:\bootsqm.dat
[2013/05/15 16:20:28 | 000,163,070 | ---- | M] () -- I:\Users\Sentencer\AppData\Roaming\2433f433
[2013/05/15 16:20:28 | 000,163,019 | ---- | M] () -- I:\ProgramData\2433f433
[2013/05/15 16:20:28 | 000,162,993 | ---- | M] () -- I:\Users\Sentencer\AppData\Local\2433f433
[2013/05/15 16:20:26 | 000,025,088 | ---- | M] () -- I:\Users\Sentencer\Documents\4848370d.exe
[2013/05/15 14:28:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 14:28:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/13 14:22:41 | 000,710,854 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2013/05/13 14:22:41 | 000,663,876 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/05/13 14:22:41 | 000,153,964 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2013/05/13 14:22:41 | 000,126,006 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/05/08 10:58:58 | 000,015,792 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 10:58:58 | 000,015,792 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 12:10:29 | 000,000,552 | ---- | M] () -- I:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/04/21 08:03:53 | 000,000,004 | ---- | M] () -- I:\Users\Sentencer\AppData\Roaming\skype.ini
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/15 17:56:12 | 000,003,480 | ---- | C] () -- I:\bootsqm.dat
[2013/05/15 16:20:28 | 000,163,070 | ---- | C] () -- I:\Users\Sentencer\AppData\Roaming\2433f433
[2013/05/15 16:20:28 | 000,163,019 | ---- | C] () -- I:\ProgramData\2433f433
[2013/05/15 16:20:28 | 000,162,993 | ---- | C] () -- I:\Users\Sentencer\AppData\Local\2433f433
[2013/05/15 16:20:26 | 000,025,088 | ---- | C] () -- I:\Users\Sentencer\Documents\4848370d.exe
[2013/04/21 08:03:29 | 000,000,004 | ---- | C] () -- I:\Users\Sentencer\AppData\Roaming\skype.ini
[2013/03/29 07:12:27 | 000,000,004 | ---- | C] () -- I:\Users\Sentencer\AppData\Roaming\AltShell.ini
[2012/10/01 18:08:50 | 083,023,306 | ---- | C] () -- I:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/03 16:31:09 | 083,023,306 | ---- | C] () -- I:\ProgramData\nud0repor.pad
[2012/08/31 03:48:12 | 004,503,728 | ---- | C] () -- I:\ProgramData\ism_0_llatsni.pad
[2012/03/22 15:09:46 | 000,007,604 | ---- | C] () -- I:\Users\Sentencer\AppData\Local\Resmon.ResmonCfg
[2011/07/03 15:05:51 | 000,114,180 | -H-- | C] () -- I:\Windows\SysWow64\mlfcache.dat
[2011/06/08 17:23:54 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/07 05:13:38 | 000,974,848 | ---- | C] () -- I:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 05:13:38 | 000,081,920 | ---- | C] () -- I:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 05:13:38 | 000,065,536 | ---- | C] () -- I:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 05:13:38 | 000,057,344 | ---- | C] () -- I:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 05:13:38 | 000,030,568 | ---- | C] () -- I:\Windows\MusiccityDownload.exe
[2010/09/25 15:34:24 | 000,006,144 | ---- | C] () -- I:\Users\Sentencer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 22:03:59 | 002,601,752 | R--- | C] () -- I:\Windows\SysWow64\pbsvc_moh.exe
[2010/07/20 14:43:25 | 000,000,400 | ---- | C] () -- I:\Windows\ODBC.INI
[2010/04/08 14:22:43 | 002,434,856 | ---- | C] () -- I:\Windows\SysWow64\pbsvc_bc2.exe
[2010/01/27 15:40:04 | 000,000,228 | ---- | C] () -- I:\Users\Sentencer\AppData\Roaming\wklnhst.dat
[2010/01/15 16:17:20 | 000,015,873 | ---- | C] () -- I:\Windows\SysWow64\Inetde.dll
[2010/01/11 01:13:33 | 000,000,097 | ---- | C] () -- I:\Users\Sentencer\AppData\Local\fusioncache.dat
[2010/01/10 11:18:20 | 001,670,454 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/10 11:14:11 | 000,281,520 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrB.exe
[2010/01/10 11:14:10 | 000,669,184 | ---- | C] () -- I:\Windows\SysWow64\pbsvc.exe
[2010/01/10 11:14:10 | 000,076,888 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrA.exe
[2009/12/29 19:48:49 | 000,000,056 | -H-- | C] () -- I:\Windows\SysWow64\ezsidmv.dat
[2009/12/28 12:47:01 | 000,000,281 | ---- | C] () -- I:\Windows\game.ini
[2009/12/25 13:50:20 | 000,000,000 | ---- | C] () -- I:\Windows\nsreg.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- I:\Windows\SysWow64\OUTLPERF.INI
[1999/12/31 20:00:00 | 000,000,023 | RHS- | C] () -- I:\Windows\mtlid64s2.dat
 
========== LOP Check ==========
 
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2013/03/29 07:32:38 | 000,000,000 | ---D | M] -- I:\ProgramData\AVG2013
[2012/08/03 15:43:08 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2010/07/20 14:37:04 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Lite
[2010/07/20 14:36:12 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Pro
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2010/11/03 16:37:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\DSS
[2011/11/26 13:18:56 | 000,000,000 | ---D | M] -- I:\ProgramData\EA Core
[2012/03/03 17:32:17 | 000,000,000 | ---D | M] -- I:\ProgramData\EA Logs
[2011/11/26 13:18:58 | 000,000,000 | ---D | M] -- I:\ProgramData\Electronic Arts
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2012/01/03 12:49:49 | 000,000,000 | ---D | M] -- I:\ProgramData\Firefly Studios
[2012/03/03 10:21:52 | 000,000,000 | ---D | M] -- I:\ProgramData\Local Settings
[2013/05/11 03:16:40 | 000,000,000 | ---D | M] -- I:\ProgramData\MFAData
[2010/03/31 13:31:51 | 000,000,000 | ---D | M] -- I:\ProgramData\NexonUS
[2012/10/12 14:07:43 | 000,000,000 | ---D | M] -- I:\ProgramData\Origin
[2009/09/22 11:36:00 | 000,000,000 | ---D | M] -- I:\ProgramData\PC-Doctor for Windows
[2010/03/31 12:54:20 | 000,000,000 | ---D | M] -- I:\ProgramData\PMB Files
[2012/11/03 20:53:45 | 000,000,000 | ---D | M] -- I:\ProgramData\Recovery
[2011/06/26 05:06:35 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/12/02 16:58:31 | 000,000,000 | ---D | M] -- I:\ProgramData\Tages
[2009/09/22 11:40:35 | 000,000,000 | ---D | M] -- I:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/10/15 03:57:56 | 000,000,000 | ---D | M] -- I:\ProgramData\tmp
[2012/08/03 15:43:59 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2009/12/30 06:47:49 | 000,000,000 | ---D | M] -- I:\ProgramData\Ubisoft
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2012/10/01 18:14:43 | 000,000,000 | -HSD | M] -- I:\ProgramData\x0daD6zqzvw
[2012/08/03 15:43:08 | 000,000,000 | -HSD | M] -- I:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/26 16:42:21 | 000,000,000 | ---D | M] -- I:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/02 14:12:19 | 000,000,000 | ---D | M] -- I:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/09/22 11:25:00 | 000,000,000 | -H-D | M] -- I:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}
[2013/04/30 12:10:29 | 000,000,552 | ---- | M] () -- I:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/04/10 21:27:14 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2013/03/29 07:30:34 | 000,000,000 | -H-D | M] -- I:\$AVG
[2011/07/03 15:07:18 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2010/07/18 11:53:31 | 000,000,000 | ---D | M] -- I:\Alte Kamerakarte
[2013/05/08 14:58:03 | 000,000,000 | ---D | M] -- I:\data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2013/05/15 17:53:49 | 000,000,000 | -HSD | M] -- I:\found.000
[2013/01/15 16:03:05 | 000,000,000 | ---D | M] -- I:\games
[2012/09/11 14:56:56 | 000,000,000 | ---D | M] -- I:\Hasi
[2010/02/28 05:20:07 | 000,000,000 | -H-D | M] -- I:\hp
[2009/09/22 11:25:10 | 000,000,000 | ---D | M] -- I:\Intel
[2013/02/08 04:27:56 | 000,000,000 | ---D | M] -- I:\Kamera 8.2.13
[2013/05/16 18:40:02 | 000,000,000 | ---D | M] -- I:\Kaspersky Rescue Disk 10.0
[2010/07/20 14:40:46 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2013/02/02 06:44:13 | 000,000,000 | ---D | M] -- I:\music
[2011/11/27 15:20:51 | 000,000,000 | ---D | M] -- I:\NVIDIA
[2010/04/13 12:36:32 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2012/03/22 14:58:47 | 000,000,000 | R--D | M] -- I:\Program Files
[2013/05/03 21:13:48 | 000,000,000 | ---D | M] -- I:\Program Files (x86)
[2013/05/15 16:20:28 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2009/12/01 17:13:54 | 000,000,000 | -HSD | M] -- I:\Programme
[2010/09/07 04:01:16 | 000,000,000 | ---D | M] -- I:\Sicherung Bilder 7.9
[2010/08/23 17:33:45 | 000,000,000 | ---D | M] -- I:\Sicherung Photo 23_08_10
[2013/05/15 14:30:21 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2013/04/14 21:07:23 | 000,000,000 | ---D | M] -- I:\Temp
[2010/11/03 09:53:33 | 000,000,000 | ---D | M] -- I:\torrents
[2010/07/12 07:02:57 | 000,000,000 | ---D | M] -- I:\Urlaub 2009
[2011/11/27 16:05:37 | 000,000,000 | R--D | M] -- I:\Users
[2013/04/18 13:30:13 | 000,000,000 | ---D | M] -- I:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 15:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- I:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- I:\hp\drivers\Intel_Storage\IaStor.sys
[2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- I:\Windows\System32\drivers\iaStor.sys
[2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- I:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a012329c4d1be4fd\iaStor.sys
[2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- I:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_023f2cfe3fa02200\iaStor.sys
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> I:\Users\Sentencer\AppData\Local:gs5sys
@Alternate Data Stream - 5120 bytes -> I:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> I:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> I:\Users\Sentencer\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> I:\Users\Sentencer\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> I:\Users\Sentencer\AppData\Roaming:gs5sys
< End of report >
         

Alt 20.05.2013, 11:42   #8
markusg
/// Malware-holic

On your second PC go to Start, Programs, Accessories, Notepad (Editor), and paste the following in there:
Code:
:OTL
O4 - HKU\Sentencer_ON_I..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] I:\Users\Sentencer\Documents\4848370d.exe ()
[2012/10/01 18:08:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\lsass.exe
[2013/05/15 16:20:28 | 000,163,070 | ---- | M] () -- I:\Users\Sentencer\AppData\Roaming\2433f433
[2013/05/15 16:20:28 | 000,163,019 | ---- | M] () -- I:\ProgramData\2433f433
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open the otl.txt,
please post the log.



If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the
    following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
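
Added example (my own, not code from the thread, from OTL or from Trojaner-Board): a PowerShell check that can be run on the live system after the OTL fix above to confirm that the indicators from the report and the fix script are really gone, namely the four files the fix moved, the Run value from the O4 line, and the gs5sys alternate data streams listed under "Alternate Data Streams" in the OTL report. It assumes a live Windows session, so the system drive is C: rather than the I: that OTLPE showed, the loaded hive HKU\Sentencer_ON_I corresponds to HKCU, and PowerShell 3.0 or later is available for the -Stream parameter; the user name is taken from the log and is a parameter.

```powershell
# Added example, not from the thread: report (never delete) the indicators named in
# the OTL report and fix script above, after the fix has been applied.
# Assumption: run on the live system, where OTLPE's I: is the live C: and the
# loaded hive HKU\Sentencer_ON_I is the live HKCU.
param(
    [string]$SystemDrive = 'C:',
    [string]$UserName    = 'Sentencer'   # user name from the OTL log
)

$userProfile = Join-Path $SystemDrive "Users\$UserName"

# Files that the :OTL section of the fix moved
$files = @(
    (Join-Path $userProfile 'Documents\4848370d.exe'),
    (Join-Path $SystemDrive 'ProgramData\lsass.exe'),
    (Join-Path $userProfile 'AppData\Roaming\2433f433'),
    (Join-Path $SystemDrive 'ProgramData\2433f433')
)

# Run value name from the O4 line of the fix
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'qcgce2mrvjq91kk1e7pnbb19m52fx'

# Objects that carried a gs5sys alternate data stream in the OTL report
$adsHosts = @(
    (Join-Path $userProfile 'AppData\Local'),
    (Join-Path $SystemDrive 'ProgramData'),
    (Join-Path $SystemDrive 'Users\Public\Documents\desktop.ini'),
    (Join-Path $userProfile 'Documents\desktop.ini'),
    (Join-Path $userProfile 'Desktop\desktop.ini'),
    (Join-Path $userProfile 'AppData\Roaming')
)

$findings = @()

# 1. Moved files must no longer exist at their original paths
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file still present: $f" }
}

# 2. The autostart value must be gone from the user's Run key
if (Test-Path $runKey) {
    $props = Get-ItemProperty -Path $runKey
    if ($props.PSObject.Properties.Name -contains $runValue) {
        $findings += "Run value still present: $runValue -> $($props.$runValue)"
    }
}

# 3. No named stream other than the normal content stream ':$DATA' should remain
foreach ($h in $adsHosts) {
    if (-not (Test-Path -LiteralPath $h)) { continue }
    $streams = Get-Item -LiteralPath $h -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "alternate data stream: $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it in the affected user's session, since the Run key is per user. Older Windows PowerShell builds do not enumerate streams on directories such as ProgramData with -Stream, in which case `dir /r` in cmd.exe lists them; the script only reports what it finds and changes nothing, so the actual cleanup stays with the fix the helper posted.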

Old 25.05.2013, 16:54   #9
Sentencer



Hi,

everything worked fine, what's next?
Upload the stuff to your channel and that's it?

Hmm, I still have the problem that my mouse is not recognised;
is this problem known?

========== OTL ==========
Registry key HKEY_USERS\Sentencer_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
I:\Users\Sentencer\Documents\4848370d.exe moved successfully.
I:\ProgramData\lsass.exe moved successfully.
I:\Users\Sentencer\AppData\Roaming\2433f433 moved successfully.
I:\ProgramData\2433f433 moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sentencer

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Public

User: Sentencer

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87487693 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes

Total Files Cleaned = 84.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05252013_204233

Old 25.05.2013, 16:55   #10
markusg
/// Malware-holic



Try whether it works again after a restart.
Wireless mouse? Then maybe change the batteries,
or check that it is connected properly.
After the upload we still have work to do.
Maybe you have another mouse to hand, to check whether the problem is with the mouse itself?

Old 25.05.2013, 17:23   #11
Sentencer



Datei: MovedFiles.zip_1 empfangen
Datei: fix2.log empfangen

Vorgang erfolgreich abgeschlossen.
---
Back to the mouse: not wireless, two restarts and it doesn't even get power.
It works on the laptop, and it worked until the fix too.
Another mouse works, I don't get it.

Old 25.05.2013, 17:23   #12
markusg
/// Malware-holic



OK, let's carry on for now.
Is it a USB mouse? Then try another port.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Click Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\),
    for example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
In any case, please post the contents here in your thread.

Old 25.05.2013, 17:41   #13
Sentencer



It's a USB one, yes.
No other port works; with the replacement mouse every port does.

OK, here's the log:

21:38:17.0721 1700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:38:17.0850 1700 ============================================================
21:38:17.0850 1700 Current date / time: 2013/05/25 21:38:17.0850
21:38:17.0850 1700 SystemInfo:
21:38:17.0850 1700
21:38:17.0850 1700 OS Version: 6.1.7601 ServicePack: 1.0
21:38:17.0850 1700 Product type: Workstation
21:38:17.0850 1700 ComputerName: BULLSHIT
21:38:17.0850 1700 UserName: Sentencer
21:38:17.0850 1700 Windows directory: C:\Windows
21:38:17.0850 1700 System windows directory: C:\Windows
21:38:17.0850 1700 Running under WOW64
21:38:17.0850 1700 Processor architecture: Intel x64
21:38:17.0850 1700 Number of processors: 4
21:38:17.0850 1700 Page size: 0x1000
21:38:17.0850 1700 Boot type: Normal boot
21:38:17.0850 1700 ============================================================
21:38:18.0423 1700 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:18.0501 1700 Drive \Device\Harddisk5\DR5 - Size: 0xE7400000 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:38:18.0503 1700 ============================================================
21:38:18.0503 1700 \Device\Harddisk0\DR0:
21:38:18.0503 1700 MBR partitions:
21:38:18.0503 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:38:18.0503 1700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73259800
21:38:18.0503 1700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7328C000, BlocksNum 0x147A000
21:38:18.0503 1700 \Device\Harddisk5\DR5:
21:38:18.0504 1700 MBR partitions:
21:38:18.0504 1700 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x2678, BlocksNum 0x737988
21:38:18.0504 1700 ============================================================
21:38:18.0571 1700 C: <-> \Device\Harddisk0\DR0\Partition2
21:38:18.0622 1700 D: <-> \Device\Harddisk0\DR0\Partition3
21:38:18.0622 1700 ============================================================
21:38:18.0622 1700 Initialize success
21:38:18.0622 1700 ============================================================
21:38:59.0355 1476 ============================================================
21:38:59.0355 1476 Scan started
21:38:59.0355 1476 Mode: Manual; SigCheck; TDLFS;
21:38:59.0355 1476 ============================================================
21:38:59.0474 1476 ================ Scan system memory ========================
21:38:59.0474 1476 System memory - ok
21:38:59.0474 1476 ================ Scan services =============================
21:38:59.0630 1476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:38:59.0693 1476 1394ohci - ok
21:38:59.0749 1476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:38:59.0762 1476 ACPI - ok
21:38:59.0812 1476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:38:59.0873 1476 AcpiPmi - ok
21:39:00.0006 1476 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:39:00.0016 1476 AdobeFlashPlayerUpdateSvc - ok
21:39:00.0059 1476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:00.0075 1476 adp94xx - ok
21:39:00.0104 1476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:39:00.0118 1476 adpahci - ok
21:39:00.0142 1476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:39:00.0154 1476 adpu320 - ok
21:39:00.0186 1476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:39:00.0333 1476 AeLookupSvc - ok
21:39:00.0416 1476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:39:00.0475 1476 AFD - ok
21:39:00.0515 1476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:39:00.0525 1476 agp440 - ok
21:39:00.0541 1476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:39:00.0593 1476 ALG - ok
21:39:00.0639 1476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:39:00.0648 1476 aliide - ok
21:39:00.0658 1476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:39:00.0667 1476 amdide - ok
21:39:00.0681 1476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:39:00.0702 1476 AmdK8 - ok
21:39:00.0719 1476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:39:00.0745 1476 AmdPPM - ok
21:39:00.0785 1476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:39:00.0795 1476 amdsata - ok
21:39:00.0821 1476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:00.0832 1476 amdsbs - ok
21:39:00.0842 1476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:39:00.0851 1476 amdxata - ok
21:39:00.0910 1476 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
21:39:00.0971 1476 androidusb - ok
21:39:01.0027 1476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:39:01.0167 1476 AppID - ok
21:39:01.0203 1476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:39:01.0253 1476 AppIDSvc - ok
21:39:01.0322 1476 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:39:01.0363 1476 Appinfo - ok
21:39:01.0500 1476 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:01.0509 1476 Apple Mobile Device - ok
21:39:01.0560 1476 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
21:39:01.0575 1476 Application Updater - ok
21:39:01.0599 1476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:39:01.0610 1476 arc - ok
21:39:01.0621 1476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:39:01.0631 1476 arcsas - ok
21:39:01.0752 1476 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:39:01.0760 1476 aspnet_state - ok
21:39:01.0784 1476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:01.0824 1476 AsyncMac - ok
21:39:01.0880 1476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:39:01.0890 1476 atapi - ok
21:39:01.0933 1476 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
21:39:01.0945 1476 atksgt - ok
21:39:02.0006 1476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:39:02.0055 1476 AudioEndpointBuilder - ok
21:39:02.0065 1476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:39:02.0094 1476 AudioSrv - ok
21:39:02.0164 1476 [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
21:39:02.0172 1476 Avgfwfd - ok
21:39:02.0286 1476 [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
21:39:02.0307 1476 avgfws - ok
21:39:02.0385 1476 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
21:39:02.0447 1476 AVGIDSAgent - ok
21:39:02.0493 1476 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:39:02.0502 1476 AVGIDSDriver - ok
21:39:02.0549 1476 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:39:02.0558 1476 AVGIDSHA - ok
21:39:02.0615 1476 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:39:02.0624 1476 Avgldx64 - ok
21:39:02.0693 1476 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
21:39:02.0703 1476 Avgloga - ok
21:39:02.0750 1476 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:39:02.0760 1476 Avgmfx64 - ok
21:39:02.0817 1476 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:39:02.0825 1476 Avgrkx64 - ok
21:39:02.0870 1476 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:39:02.0880 1476 Avgtdia - ok
21:39:02.0920 1476 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
21:39:02.0931 1476 avgwd - ok
21:39:02.0984 1476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:39:03.0041 1476 AxInstSV - ok
21:39:03.0056 1476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:39:03.0102 1476 b06bdrv - ok
21:39:03.0144 1476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:39:03.0171 1476 b57nd60a - ok
21:39:03.0205 1476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:39:03.0242 1476 BDESVC - ok
21:39:03.0257 1476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:39:03.0294 1476 Beep - ok
21:39:03.0368 1476 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:39:03.0407 1476 BFE - ok
21:39:03.0462 1476 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:39:03.0511 1476 BITS - ok
21:39:03.0523 1476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:03.0544 1476 blbdrive - ok
21:39:03.0655 1476 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:39:03.0668 1476 Bonjour Service - ok
21:39:03.0722 1476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:39:03.0772 1476 bowser - ok
21:39:03.0790 1476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:03.0850 1476 BrFiltLo - ok
21:39:03.0868 1476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:03.0880 1476 BrFiltUp - ok
21:39:03.0928 1476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:39:03.0953 1476 Browser - ok
21:39:03.0966 1476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:39:03.0998 1476 Brserid - ok
21:39:04.0020 1476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:04.0043 1476 BrSerWdm - ok
21:39:04.0061 1476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:04.0100 1476 BrUsbMdm - ok
21:39:04.0121 1476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:04.0133 1476 BrUsbSer - ok
21:39:04.0146 1476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:04.0175 1476 BTHMODEM - ok
21:39:04.0210 1476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:39:04.0259 1476 bthserv - ok
21:39:04.0293 1476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:39:04.0342 1476 cdfs - ok
21:39:04.0377 1476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:39:04.0415 1476 cdrom - ok
21:39:04.0484 1476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:39:04.0510 1476 CertPropSvc - ok
21:39:04.0520 1476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:39:04.0550 1476 circlass - ok
21:39:04.0585 1476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:39:04.0599 1476 CLFS - ok
21:39:04.0655 1476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:04.0664 1476 clr_optimization_v2.0.50727_32 - ok
21:39:04.0699 1476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:39:04.0707 1476 clr_optimization_v2.0.50727_64 - ok
21:39:04.0826 1476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:04.0835 1476 clr_optimization_v4.0.30319_32 - ok
21:39:04.0850 1476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:39:04.0860 1476 clr_optimization_v4.0.30319_64 - ok
21:39:04.0881 1476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:04.0907 1476 CmBatt - ok
21:39:04.0958 1476 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:39:04.0969 1476 cmdide - ok
21:39:05.0024 1476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:39:05.0044 1476 CNG - ok
21:39:05.0047 1476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:39:05.0056 1476 Compbatt - ok
21:39:05.0113 1476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:39:05.0149 1476 CompositeBus - ok
21:39:05.0176 1476 COMSysApp - ok
21:39:05.0189 1476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:05.0198 1476 crcdisk - ok
21:39:05.0261 1476 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:39:05.0289 1476 CryptSvc - ok
21:39:05.0344 1476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:39:05.0390 1476 DcomLaunch - ok
21:39:05.0447 1476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:39:05.0496 1476 defragsvc - ok
21:39:05.0532 1476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:39:05.0568 1476 DfsC - ok
21:39:05.0648 1476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:39:05.0714 1476 Dhcp - ok
21:39:05.0743 1476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:39:05.0769 1476 discache - ok
21:39:05.0796 1476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:39:05.0806 1476 Disk - ok
21:39:05.0855 1476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:39:05.0882 1476 Dnscache - ok
21:39:05.0920 1476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:39:05.0966 1476 dot3svc - ok
21:39:06.0035 1476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:39:06.0070 1476 DPS - ok
21:39:06.0132 1476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:39:06.0144 1476 drmkaud - ok
21:39:06.0194 1476 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:39:06.0213 1476 DXGKrnl - ok
21:39:06.0246 1476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:39:06.0280 1476 EapHost - ok
21:39:06.0355 1476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:39:06.0461 1476 ebdrv - ok
21:39:06.0507 1476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:39:06.0563 1476 EFS - ok
21:39:06.0600 1476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:39:06.0640 1476 ehRecvr - ok
21:39:06.0682 1476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:39:06.0717 1476 ehSched - ok
21:39:06.0748 1476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:39:06.0767 1476 elxstor - ok
21:39:06.0812 1476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:39:06.0838 1476 ErrDev - ok
21:39:06.0858 1476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:39:06.0886 1476 EventSystem - ok
21:39:06.0921 1476 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:39:06.0949 1476 exfat - ok
21:39:06.0970 1476 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:39:07.0013 1476 fastfat - ok
21:39:07.0064 1476 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:39:07.0124 1476 Fax - ok
21:39:07.0141 1476 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:39:07.0152 1476 fdc - ok
21:39:07.0170 1476 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:39:07.0210 1476 fdPHost - ok
21:39:07.0221 1476 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:39:07.0254 1476 FDResPub - ok
21:39:07.0273 1476 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:39:07.0282 1476 FileInfo - ok
21:39:07.0298 1476 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:39:07.0346 1476 Filetrace - ok
21:39:07.0373 1476 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:07.0399 1476 flpydisk - ok
21:39:07.0447 1476 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:39:07.0459 1476 FltMgr - ok
21:39:07.0520 1476 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:39:07.0552 1476 FontCache - ok
21:39:07.0618 1476 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:39:07.0625 1476 FontCache3.0.0.0 - ok
21:39:07.0643 1476 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:39:07.0653 1476 FsDepends - ok
21:39:07.0677 1476 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:39:07.0686 1476 Fs_Rec - ok
21:39:07.0730 1476 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:39:07.0744 1476 fvevol - ok
21:39:07.0770 1476 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:07.0780 1476 gagp30kx - ok
21:39:07.0829 1476 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:39:07.0836 1476 GEARAspiWDM - ok
21:39:07.0887 1476 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:39:07.0926 1476 gpsvc - ok
21:39:08.0016 1476 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:39:08.0024 1476 gupdate - ok
21:39:08.0034 1476 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:39:08.0041 1476 gupdatem - ok
21:39:08.0050 1476 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:39:08.0093 1476 hcw85cir - ok
21:39:08.0143 1476 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:39:08.0164 1476 HDAudBus - ok
21:39:08.0167 1476 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:08.0179 1476 HidBatt - ok
21:39:08.0202 1476 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:39:08.0216 1476 HidBth - ok
21:39:08.0224 1476 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:39:08.0261 1476 HidIr - ok
21:39:08.0290 1476 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:39:08.0336 1476 hidserv - ok
21:39:08.0408 1476 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:39:08.0426 1476 HidUsb - ok
21:39:08.0469 1476 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:39:08.0514 1476 hkmsvc - ok
21:39:08.0555 1476 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:39:08.0606 1476 HomeGroupListener - ok
21:39:08.0651 1476 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:39:08.0674 1476 HomeGroupProvider - ok
21:39:08.0729 1476 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:39:08.0739 1476 HpSAMD - ok
21:39:08.0791 1476 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:39:08.0835 1476 HTTP - ok
21:39:08.0878 1476 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:39:08.0888 1476 hwpolicy - ok
21:39:08.0950 1476 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:39:08.0961 1476 i8042prt - ok
21:39:09.0050 1476 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:39:09.0062 1476 IAANTMON - ok
21:39:09.0069 1476 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:39:09.0079 1476 iaStor - ok
21:39:09.0101 1476 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:39:09.0116 1476 iaStorV - ok
21:39:09.0163 1476 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:39:09.0182 1476 idsvc - ok
21:39:09.0195 1476 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:39:09.0205 1476 iirsp - ok
21:39:09.0229 1476 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:39:09.0286 1476 IKEEXT - ok
21:39:09.0348 1476 [ 31C32BC56D85D109EBB0C526BE5CACA7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:39:09.0372 1476 IntcAzAudAddService - ok
21:39:09.0425 1476 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:39:09.0434 1476 intelide - ok
21:39:09.0456 1476 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:39:09.0480 1476 intelppm - ok
21:39:09.0515 1476 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:39:09.0557 1476 IPBusEnum - ok
21:39:09.0604 1476 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:09.0644 1476 IpFilterDriver - ok
21:39:09.0729 1476 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:39:09.0775 1476 iphlpsvc - ok
21:39:09.0823 1476 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:39:09.0834 1476 IPMIDRV - ok
21:39:09.0863 1476 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:39:09.0898 1476 IPNAT - ok
21:39:09.0980 1476 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:39:09.0999 1476 iPod Service - ok
21:39:10.0034 1476 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:39:10.0087 1476 IRENUM - ok
21:39:10.0131 1476 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:39:10.0140 1476 isapnp - ok
21:39:10.0189 1476 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:39:10.0202 1476 iScsiPrt - ok
21:39:10.0221 1476 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:39:10.0231 1476 kbdclass - ok
21:39:10.0279 1476 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:39:10.0290 1476 kbdhid - ok
21:39:10.0306 1476 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:39:10.0317 1476 KeyIso - ok
21:39:10.0355 1476 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:39:10.0365 1476 KSecDD - ok
21:39:10.0413 1476 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:39:10.0424 1476 KSecPkg - ok
21:39:10.0434 1476 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:39:10.0471 1476 ksthunk - ok
21:39:10.0503 1476 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:39:10.0549 1476 KtmRm - ok
21:39:10.0605 1476 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:39:10.0646 1476 LanmanServer - ok
21:39:10.0700 1476 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:39:10.0740 1476 LanmanWorkstation - ok
21:39:10.0858 1476 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:39:10.0863 1476 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:39:10.0863 1476 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:39:29.0954 1476 \Device\Harddisk0\DR0\Partition2 - ok
21:39:29.0985 1476 [ D21B0DE9CF35D6A2FD4F5C7438F672E7 ] \Device\Harddisk0\DR0\Partition3
21:39:29.0987 1476 \Device\Harddisk0\DR0\Partition3 - ok
21:39:29.0990 1476 [ 04B0E294966D35AF3B9864B907E0769F ] \Device\Harddisk5\DR5\Partition1
21:39:29.0991 1476 \Device\Harddisk5\DR5\Partition1 - ok
21:39:29.0991 1476 ============================================================
21:39:29.0991 1476 Scan finished
21:39:29.0991 1476 ============================================================
21:39:29.0999 3436 Detected object count: 3
21:39:29.0999 3436 Actual detected object count: 3
21:39:47.0781 3436 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:47.0781 3436 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:47.0781 3436 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:47.0781 3436 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:47.0782 3436 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:39:47.0782 3436 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:39:51.0715 0564 Deinitialize success

25.05.2013, 17:54   #14
markusg
/// Malware-holic

Hi
Was there any software for the mouse? If so, maybe reinstall it.
But do you get that typical sound when you plug in the mouse?
Do other USB devices work?
Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post the C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

25.05.2013, 19:30   #15
Sentencer

I had set MS Security Essentials to inactive and it still complained, and I was allowed to continue "at my own risk".

Combofix log file:
Code:
ComboFix 13-05-25.02 - Sentencer 25.05.2013  22:06:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.3120 [GMT 2:00]
ausgeführt von:: c:\users\Sentencer\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\ism_0_llatsni.pad
c:\programdata\nud0repor.pad
c:\users\SENTEN~1\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Sentencer\4642959.exe
c:\users\Sentencer\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Sentencer\AppData\Roaming\903014875.log
c:\users\Sentencer\AppData\Roaming\Help\coredb\storage
c:\users\Sentencer\AppData\Roaming\skype.ini
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-25 bis 2013-05-25  ))))))))))))))))))))))))))))))
.
.
2013-05-26 00:42 . 2013-05-25 19:18	--------	d-----w-	C:\_OTL
2013-05-25 20:13 . 2013-05-25 20:13	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-25 20:13 . 2013-05-25 20:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-25 19:21 . 2013-05-25 19:16	964552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECA71213-FE03-4179-A441-FDABF0F53B31}\gapaengine.dll
2013-05-25 19:17 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96F2F94B-5B79-4811-900C-363EFF5CDE42}\mpengine.dll
2013-05-25 19:07 . 2013-05-25 19:07	--------	d-----w-	C:\9838ad918078db8f1d
2013-05-15 21:53 . 2013-05-15 21:53	--------	d-----w-	C:\found.000
2013-05-15 18:32 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-25 19:04 . 2010-10-07 18:57	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 18:28 . 2013-01-14 20:53	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:28 . 2011-07-19 18:31	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2009-12-01 22:06	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 05:35 . 2012-06-13 18:06	905296	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-12 14:45 . 2013-04-24 16:56	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-05 01:07 . 2013-04-05 01:07	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-05 01:07 . 2013-04-05 01:07	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-05 01:07 . 2013-04-05 01:07	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-05 01:07 . 2013-04-05 01:07	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 01:07 . 2013-04-05 01:07	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 01:07 . 2013-04-05 01:07	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-05 01:07 . 2013-04-05 01:07	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-05 01:07 . 2013-04-05 01:07	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-05 01:07 . 2013-04-05 01:07	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 01:07 . 2013-04-05 01:07	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-05 01:07 . 2013-04-05 01:07	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-05 01:07 . 2013-04-05 01:07	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-05 01:07 . 2013-04-05 01:07	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-05 01:07 . 2013-04-05 01:07	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 01:07 . 2013-04-05 01:07	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-05 01:07 . 2013-04-05 01:07	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-05 01:07 . 2013-04-05 01:07	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-05 01:07 . 2013-04-05 01:07	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-05 01:07 . 2013-04-05 01:07	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-05 01:07 . 2013-04-05 01:07	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-05 01:07 . 2013-04-05 01:07	441856	----a-w-	c:\windows\system32\html.iec
2013-04-05 01:07 . 2013-04-05 01:07	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-05 01:07 . 2013-04-05 01:07	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-05 01:07 . 2013-04-05 01:07	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-05 01:07 . 2013-04-05 01:07	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-05 01:07 . 2013-04-05 01:07	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-05 01:07 . 2013-04-05 01:07	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-05 01:07 . 2013-04-05 01:07	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-05 01:07 . 2013-04-05 01:07	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-05 01:07 . 2013-04-05 01:07	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-05 01:07 . 2013-04-05 01:07	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-05 01:07 . 2013-04-05 01:07	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-05 01:07 . 2013-04-05 01:07	235008	----a-w-	c:\windows\system32\url.dll
2013-04-05 01:07 . 2013-04-05 01:07	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-05 01:07 . 2013-04-05 01:07	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-05 01:07 . 2013-04-05 01:07	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-05 01:07 . 2013-04-05 01:07	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-05 01:07 . 2013-04-05 01:07	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-05 01:07 . 2013-04-05 01:07	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-05 01:07 . 2013-04-05 01:07	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-05 01:07 . 2013-04-05 01:07	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-05 01:07 . 2013-04-05 01:07	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-05 01:07 . 2013-04-05 01:07	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-05 01:07 . 2013-04-05 01:07	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-05 01:07 . 2013-04-05 01:07	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-05 01:07 . 2013-04-05 01:07	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-05 01:07 . 2013-04-05 01:07	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 01:07 . 2013-04-05 01:07	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-05 01:07 . 2013-04-05 01:07	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-05 01:05 . 2013-04-05 01:05	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 01:05 . 2013-04-05 01:05	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-05 01:05 . 2013-04-05 01:05	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-04-05 01:05 . 2013-04-05 01:05	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 01:05 . 2013-04-05 01:05	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-05 01:05 . 2013-04-05 01:05	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-05 01:05 . 2013-04-05 01:05	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-05 01:05 . 2013-04-05 01:05	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-05 01:05 . 2013-04-05 01:05	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-05 01:05 . 2013-04-05 01:05	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-05 01:05 . 2013-04-05 01:05	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-05 01:05 . 2013-04-05 01:05	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-04-05 01:05 . 2013-04-05 01:05	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-05 01:05 . 2013-04-05 01:05	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-05 01:05 . 2013-04-05 01:05	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-04-05 01:05 . 2013-04-05 01:05	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-04-05 01:05 . 2013-04-05 01:05	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-04-05 01:05 . 2013-04-05 01:05	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-05 01:05 . 2013-04-05 01:05	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-04-05 01:05 . 2013-04-05 01:05	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-05 01:05 . 2013-04-05 01:05	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-05 01:05 . 2013-04-05 01:05	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-05 01:05 . 2013-04-05 01:05	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-05 01:05 . 2013-04-05 01:05	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 01:05 . 2013-04-05 01:05	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-05 01:05 . 2013-04-05 01:05	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-04-05 01:05 . 2013-04-05 01:05	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-04-05 01:05 . 2013-04-05 01:05	1238528	----a-w-	c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll" [2013-02-23 1352512]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8015C430-448C-4003-A969-274F7F0F2D9C}]
2010-05-03 19:44	269824	----a-w-	c:\users\Sentencer\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2013-02-23 18:17	1352512	----a-w-	c:\program files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\games\Steam\Steam.exe" [2013-05-03 1635752]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-09 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips GoGear Spark Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear Spark Device Manager\main.exe [2010-2-21 124784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 145384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-16 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-20 834544]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 13:26	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 18:28]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 12:16]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 12:16]
.
2013-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Free YouTube to MP3 Converter - c:\users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com/?l=dis&o=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Explorer_Run-41975 - c:\progra~3\LOCALS~1\Temp\msuouoxqc.pif
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:73,21,69,18,9b,df,c3,1c,b6,5a,5f,e0,5b,ad,bd,e2,71,42,ee,7d,d2,33,42,
   6f,99,89,3b,1f,34,b4,16,37,7f,7c,eb,47,0e,b8,f4,19,5d,dd,3d,b1,d3,d9,7c,5e,\
"??"=hex:0f,e2,c5,fa,ef,c2,e6,8f,82,50,a2,66,1f,5c,1a,6a
.
[HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,35,eb,b2,17,fc,dc,99,12,66,67,d3,d2,16,ad,c0,d7,f3,fd,5f,af,
   bd,19,19,fa,4d,ef,29,4b,dc,25,31,ca,7e,bd,ca,5c,53,fa,09,7c,a9,d3,a4,50,47,\
"rkeysecu"=hex:23,1f,f6,ba,83,1b,ea,6a,16,bd,35,37,e1,04,aa,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-05-25  22:26:56 - PC was restarted
ComboFix-quarantined-files.txt  2013-05-25 20:26
.
Before scan: 22 directory(ies), 480.448.561.152 bytes free
After scan: 28 directory(ies), 485.892.669.440 bytes free
.
- - End Of File - - A478D85100A39E2613024AEF304AAAC8
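Added example, not part of this thread and not ComboFix's own code: the "@Denied:" lines in the log above are ComboFix's way of flagging registry keys whose DACL carries explicit Deny ACEs, and the process list is the set of images that were running at scan time. The script below reproduces both checks in PowerShell so the result can be re-verified after cleanup: it lists Deny ACEs under a registry root, resolves the InprocServer32 binary of every CLSID key that has one and checks its Authenticode signature, and reports running images that are not validly signed. Assumptions: Windows 7 x64 or later, PowerShell 5.1 in an elevated session; the function names, the default CLSID root and the output columns are my choices, not anything ComboFix exposes.

```powershell
# Added example for this thread; it is not ComboFix code and not something the poster ran.
# Assumptions: Windows 7 or later, PowerShell 5.1, run from an elevated (Administrator) session.

function Get-RegistryDenyAce {
    <#
      Enumerate registry keys below $Path whose DACL carries an explicit Deny ACE.
      This is the information ComboFix prints as "@Denied:" in its log.
    #>
    param(
        [Parameter(Mandatory)][string] $Path,   # provider path, e.g. 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
        [switch] $Recurse
    )
    $keys = if ($Recurse) { Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue }
            else          { Get-ChildItem -Path $Path -ErrorAction SilentlyContinue }
    foreach ($key in $keys) {
        # A Deny ACE may also block READ_CONTROL for the scanning account; skip such keys
        # rather than abort, and revisit them from a SYSTEM context if needed.
        try { $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Deny') { continue }
            [pscustomobject]@{
                Key       = $key.Name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Test-DeniedClsidServer {
    <#
      For every CLSID key with a Deny ACE, resolve InprocServer32 and check that the
      server binary exists and carries a valid Authenticode signature. A Deny ACE on a
      key whose server is unsigned or missing deserves a closer look; a Deny ACE on a
      key pointing at a validly signed vendor binary (the Flash OCX in this log) does not
      by itself indicate an infection.
    #>
    param([string] $ClsidRoot = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')   # assumed default
    Get-RegistryDenyAce -Path $ClsidRoot |
        Select-Object -ExpandProperty Key -Unique |
        ForEach-Object {
            $inproc = "Registry::$_\InprocServer32"
            $server = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
            if (-not $server) { return }
            $server = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
            $sig = if (Test-Path -LiteralPath $server) {
                (Get-AuthenticodeSignature -FilePath $server).Status
            } else { 'FileMissing' }
            [pscustomobject]@{
                Clsid     = Split-Path -Leaf $_
                Server    = $server
                Signature = $sig
            }
        }
}

function Get-UnsignedRunningImage {
    <#
      Check the on-disk image of every running process (what ComboFix prints under
      "Other running processes") and return those whose image is not validly signed.
      Unsigned is a triage filter, not a verdict: plenty of legitimate tools are unsigned.
    #>
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            $status = (Get-AuthenticodeSignature -FilePath $_).Status
            if ($status -ne 'Valid') {
                [pscustomobject]@{ Image = $_; Signature = $status }
            }
        }
}

# Usage: both reports side by side, signature status first so problem entries sort to the top.
Test-DeniedClsidServer  | Sort-Object Signature | Format-Table -AutoSize
Get-UnsignedRunningImage | Sort-Object Signature | Format-Table -AutoSize
```

Run this from an elevated session; if a key is skipped because even an administrator is denied read access, run the same script from a SYSTEM context (for example via Sysinternals PsExec with `-s`) or take ownership of the key first. Get-ChildItem on the Wow6432Node root covers the 32-bit CLSID view shown in the log; pass `HKLM:\SOFTWARE\Classes\CLSID` to check the native 64-bit view as well.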
         