
Pests of all kinds and how to fight them: GVU Trojan


24.07.2013, 18:17   #1
Badboybill

GVU Trojan

Hello, since today I have had the following problem: all of a sudden a window opened on my laptop, supposedly from the GVU. I tried the method with FRST described here on the board, but without success; the thing keeps pushing itself back into the foreground. I hope someone can help me, I'm going to pieces.
System: Win 7 Starter
Regards, Mario

24.07.2013, 18:23   #2
schrauber
/// the machine
/// TB Trainer

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on Computer Repair Options!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown there; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted down. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in Code tags if possible (guide).


24.07.2013, 20:23   #3
Badboybill

Hi,
Unfortunately I did not have a Windows CD with the netbook; it is an Asus eee pc 1005pe.
How can I proceed?

I am stuck, please help.

25.07.2013, 07:30   #4
schrauber
/// the machine
/// TB Trainer

Doesn't it work via the boot options?
regards,
schrauber


25.07.2013, 09:15   #5
Badboybill

Hello, I did the scan with FRST. How do I proceed now? Unfortunately I am a layman and I am about to despair.


25.07.2013, 09:48   #6
schrauber
/// the machine
/// TB Trainer

This is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

25.07.2013, 10:46   #7
Badboybill

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by SYSTEM on 24-07-2013 21:25:48
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2009-11-10] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-09-25] ()
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [803304 2009-08-27] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LivCam] - C:\Program Files\ASUS\LivCam\LivCam.exe [284160 2009-10-16] (ASUSTek)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-24] (ECAREME)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Security\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2009-10-13] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] - C:\Program Files\asus\OOBERegBackup\OOBEReg.ini [2342 2009-09-18] ()
HKLM\...\Run: [Boingo Wi-Fi] - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-24] ()
HKLM\...\Run: [Hercules DJ Series] - C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [509224 2009-10-23] (Hercules®)
HKLM\...\Run: [Corel File Shell Monitor] - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-01-21] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BIOS Backup] - C:\Users\Mario\AppData\Roaming\1G8FQCbt1H7V.exe [405504 2011-06-28] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [facemoods] - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)
HKLM\...\Run: [LXCGCATS] - C:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll [73728 2007-02-21] ()
HKLM\...\Run: [lxcgmon.exe] - C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [205744 2007-04-29] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 2300 Series\ezprint.exe [103344 2007-04-29] (Lexmark International Inc.)
HKLM\...\Run: [FILSHtray] - C:\Program Files\FILSHtray\FILSHtray.exe [596992 2011-12-15] (FILSH Media GmbH)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [309688 2012-11-12] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\hvokloi: C:\Users\Mario\AppData\Local\hvokloi.dll [X]
HKU\Default\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] ()
HKU\Default\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION 
HKU\Default User\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] ()
HKU\Default User\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION 
HKU\Mario\...\Run: [VeohPlugin] - "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [x]
HKU\Mario\...\Run: [BIOS Backup] - C:\Users\Mario\AppData\Roaming\1G8FQCbt1H7V.exe [ 2011-06-28] ()
HKU\Mario\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload [ 2012-11-12] (Samsung)
HKU\Mario\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [ 2012-11-01] (Samsung Electronics)
HKU\Mario\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2012-11-12] (Samsung)
HKU\Mario\...\Run: [hvokloi] - rundll32 "C:\Users\Mario\AppData\Local\hvokloi.dll",hvokloi [x] <===== ATTENTION
HKU\Mario\...\Run: [PCSpeedUp] - C:\Program Files\PC Beschleunigen\PCSUNotifier.exe [ 2013-05-23] ()
HKU\Mario\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe [ 2013-07-24] (Cisco Systems, Inc.) <===== ATTENTION
HKU\Mario\...\Run: [Vuopdypug] - C:\Users\Mario\AppData\Roaming\Yzeba\xiify.exe [ 2012-11-15] (Minisoft)
HKU\Mario\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex [ 2011-09-13] (Adobe Systems, Inc.)
HKU\Mario\...\Policies\system: [EnableLUA] 0
HKU\Mario\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Mario\...\Command Processor: "C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe" <===== ATTENTION!
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (simplitec)
BootExecute: autocheck autochk /r \??\E:autocheck autochk * 

========================== Services (Whitelisted) =================

S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-24] (Freemake)
S2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [17408 2007-11-21] ()
S2 lxcg_device; C:\windows\system32\lxcgcoms.exe [537520 2007-04-29] ( )
S2 PCSUService; C:\Program Files\PC Beschleunigen\PCSUService.exe [388912 2013-05-23] ()
S2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [531328 2012-03-16] (Splashtop Inc.)
S2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [583968 2013-05-07] (Splashtop Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

==================== Drivers (Whitelisted) ====================

S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-05] ()
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [58384 2009-10-13] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167952 2009-10-13] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [52752 2009-10-13] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [83344 2009-10-13] (Trend Micro Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\drivers\AsUpIO.sys E67493490466B5F04B58C22D2590E8CA
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys B01751CC563AECAC09BBE36AAA21FBEF
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 1153DE2E4F5941E10C399CB5592F78A1
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\System32\drivers\btusbflt.sys 92C5B845803F3662637EB691AC0B250F
C:\Windows\System32\Drivers\HDJBulk.sys 50F8483FBEAB51809B643EDAA6B38699
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 649705E3DAE598BC0F957BACBF9A2BD5
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 574CEA4D3510EC905C0163C42D305BA5
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDJMidi.sys 69AF29573B2A54AA9B06411084E1EF41
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\System32\DRIVERS\igdkmd32.sys 81F7C715528AB621C6AF58869D4B07B9
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys DB96B8BD676BB24BD4F1DC53CA1F182C
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys 3EB803312987FF44265C87CB960DF6AB
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\L1C62x86.sys A158CEA8644B8A5C1EC0E9A81B70F65A
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssudmdm.sys 6D82CB78DE57A073E95431F3486B1B27
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 8BD10DC8809DC69A1C5A795CB10ADD76
C:\Windows\System32\drivers\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\DRIVERS\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tmactmon.sys 722480EAB3708D3A28C90593BFB86A74
C:\Windows\System32\DRIVERS\tmcomm.sys 7763CC9A04FA3CE9DD70987CCBBC707E
C:\Windows\System32\DRIVERS\tmevtmgr.sys 000AC70DEAE3C38B2BC259BF796AAD4D
C:\Windows\System32\DRIVERS\tmtdi.sys D7E61F0274F8CB75251B08D52B03EF98
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 94C4CD2D19B8C4137A46261F229FEC24
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 73B41F4EAD65F355962168D766AF0F2E
C:\Windows\system32\drivers\usbaudio.sys 1D9F2BD026E8E2D45033A4DF3F16B78C
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\FRST
2013-07-24 10:57 - 2013-07-24 10:57 - 00003344 ____N C:\bootsqm.dat
2013-07-24 04:57 - 2013-07-24 04:57 - 01084714 _____ C:\ProgramData\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084685 _____ C:\Users\Mario\AppData\Local\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084678 _____ C:\Users\Mario\AppData\Roaming\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 00103403 _____ C:\Users\Mario\Downloads\Outlook.zip
2013-07-24 04:56 - 2013-07-24 04:57 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Arwuyw
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Yzeba
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Uwarq
2013-07-24 00:32 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-24 00:32 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-24 00:32 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-24 00:32 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-24 00:32 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-24 00:32 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-24 00:32 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-24 00:32 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-24 00:32 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-24 00:32 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-24 00:31 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-24 00:26 - 2013-07-24 00:26 - 07139328 _____ C:\Users\Mario\Downloads\aoe-kk2-sample.avi
2013-07-20 00:25 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-20 00:24 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-20 00:24 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-20 00:24 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-20 00:24 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-04 07:18 - 2013-07-04 07:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-04 07:18 - 2013-07-04 07:18 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-04 07:18 - 2013-07-04 07:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-04 07:18 - 2013-07-04 07:18 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-04 07:16 - 2013-07-04 07:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-04 07:08 - 2013-07-04 07:27 - 00011259 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\FRST
2013-07-24 11:10 - 2013-04-16 02:09 - 00007675 _____ C:\Windows\setupact.log
2013-07-24 10:57 - 2013-07-24 10:57 - 00003344 ____N C:\bootsqm.dat
2013-07-24 09:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-24 06:06 - 2010-08-24 06:56 - 01708354 _____ C:\Windows\WindowsUpdate.log
2013-07-24 06:03 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 06:03 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 05:58 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-24 05:03 - 2009-07-13 20:33 - 03692112 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-24 05:00 - 2013-06-12 10:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 05:00 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-24 04:57 - 2013-07-24 04:57 - 01084714 _____ C:\ProgramData\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084685 _____ C:\Users\Mario\AppData\Local\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084678 _____ C:\Users\Mario\AppData\Roaming\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 00103403 _____ C:\Users\Mario\Downloads\Outlook.zip
2013-07-24 04:57 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Arwuyw
2013-07-24 04:57 - 2011-02-25 08:34 - 00000000 ____D C:\Users\Mario\AppData\Roaming\uTorrent
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Yzeba
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Uwarq
2013-07-24 04:41 - 2009-07-24 23:50 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-24 00:30 - 2009-11-10 15:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-24 00:26 - 2013-07-24 00:26 - 07139328 _____ C:\Users\Mario\Downloads\aoe-kk2-sample.avi
2013-07-23 23:45 - 2010-08-24 06:57 - 00000000 ___RD C:\Users\Mario\Desktop
2013-07-20 01:05 - 2012-10-10 18:03 - 00000000 ____D C:\Windows\rescache
2013-07-20 00:02 - 2011-01-28 14:04 - 00000000 ____D C:\Program Files\Lx_cats
2013-07-04 12:42 - 2010-08-24 06:57 - 00000000 ____D C:\users\Mario
2013-07-04 11:51 - 2009-07-25 00:25 - 00000000 ____D C:\Windows\panther
2013-07-04 07:27 - 2013-07-04 07:08 - 00011259 _____ C:\Windows\IE10_main.log
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-07-04 07:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-04 07:18 - 2013-07-04 07:18 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-04 07:18 - 2013-07-04 07:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-04 07:18 - 2013-07-04 07:18 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-04 07:18 - 2013-07-04 07:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-04 07:18 - 2013-07-04 07:18 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-04 07:18 - 2013-07-04 07:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-04 07:18 - 2013-07-04 07:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-04 07:16 - 2013-07-04 07:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 07:16 - 2013-07-04 07:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-26 07:55 - 2013-06-12 17:34 - 00001198 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\Users\Mario\3155952.dll
C:\Users\Mario\5351957.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {e9ab8891-e39f-11de-8271-861e277c3e4f}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {e9ab8891-e39f-11de-8271-861e277c3e4f}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\e9ab8893-e39f-11de-8271-861e277c3e4f\Winre.wim,{e9ab8894-e39f-11de-8271-861e277c3e4f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\e9ab8893-e39f-11de-8271-861e277c3e4f\Winre.wim,{e9ab8894-e39f-11de-8271-861e277c3e4f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {e9ab8891-e39f-11de-8271-861e277c3e4f}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {e9ab8894-e39f-11de-8271-861e277c3e4f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\e9ab8893-e39f-11de-8271-861e277c3e4f\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 1014.18 MB
Available physical RAM: 602.92 MB
Total Pagefile: 1014.18 MB
Available Pagefile: 603.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:7.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:8.88 GB) NTFS
Drive e: () (Removable) (Total:7.46 GB) (Free:5.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: ABF319E9)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=17 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-07-20 00:50

==================== End Of Log ============================
         

Alt 25.07.2013, 12:33   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Winlogon\Notify\hvokloi: C:\Users\Mario\AppData\Local\hvokloi.dll [X]
HKU\Default\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] ()
HKU\Default\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION 
HKU\Default User\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] ()
HKU\Default User\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION 
HKU\Mario\...\Run: [hvokloi] - rundll32 "C:\Users\Mario\AppData\Local\hvokloi.dll",hvokloi [x] <===== ATTENTION
HKU\Mario\...\Run: [PCSpeedUp] - C:\Program Files\PC Beschleunigen\PCSUNotifier.exe [ 2013-05-23] ()
HKU\Mario\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe [ 2013-07-24] (Cisco Systems, Inc.) <===== ATTENTION
HKU\Mario\...\Run: [Vuopdypug] - C:\Users\Mario\AppData\Roaming\Yzeba\xiify.exe [ 2012-11-15] (Minisoft)
HKU\Mario\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Mario\...\Command Processor: "C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe" <===== ATTENTION!
2013-07-24 04:57 - 2013-07-24 04:57 - 01084714 _____ C:\ProgramData\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084685 _____ C:\Users\Mario\AppData\Local\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 01084678 _____ C:\Users\Mario\AppData\Roaming\2433f433
2013-07-24 04:57 - 2013-07-24 04:57 - 00103403 _____ C:\Users\Mario\Downloads\Outlook.zip
2013-07-24 04:56 - 2013-07-24 04:57 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Arwuyw
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Yzeba
2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Uwarq
C:\ProgramData\FullRemove.exe
C:\Users\Mario\3155952.dll
C:\Users\Mario\5351957.dll
C:\Users\Mario\AppData\Local\hvokloi.dll
C:\Windows\EeePCReboot
C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 25.07.2013, 14:33   #9
Badboybill
 
Code:
ATTFilter
Winlogon\Notify\hvokloi: C:\Users\Mario\AppData\Local\hvokloi.dll [X] HKU\Default\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] () HKU\Default\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION HKU\Default User\...\RunOnce: [EeePcReboot] - C:\Windows\EeePCReboot\EeePcReboot.exe [ 2009-02-05] () HKU\Default User\...\Winlogon: [Shell] C:\Program Files\asus\SystemSetting\WallPaperAgent.exe [ 2009-09-25] (ASUSTeK Computer Inc.) <==== ATTENTION HKU\Mario\...\Run: [hvokloi] - rundll32 "C:\Users\Mario\AppData\Local\hvokloi.dll",hvokloi [x] <===== ATTENTION HKU\Mario\...\Run: [PCSpeedUp] - C:\Program Files\PC Beschleunigen\PCSUNotifier.exe [ 2013-05-23] () HKU\Mario\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe [ 2013-07-24] (Cisco Systems, Inc.) <===== ATTENTION HKU\Mario\...\Run: [Vuopdypug] - C:\Users\Mario\AppData\Roaming\Yzeba\xiify.exe [ 2012-11-15] (Minisoft) HKU\Mario\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Mario\...\Command Processor: "C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe" <===== ATTENTION! 
2013-07-24 04:57 - 2013-07-24 04:57 - 01084714 _____ C:\ProgramData\2433f433 2013-07-24 04:57 - 2013-07-24 04:57 - 01084685 _____ C:\Users\Mario\AppData\Local\2433f433 2013-07-24 04:57 - 2013-07-24 04:57 - 01084678 _____ C:\Users\Mario\AppData\Roaming\2433f433 2013-07-24 04:57 - 2013-07-24 04:57 - 00103403 _____ C:\Users\Mario\Downloads\Outlook.zip 2013-07-24 04:56 - 2013-07-24 04:57 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Arwuyw 2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Yzeba 2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Uwarq C:\ProgramData\FullRemove.exe C:\Users\Mario\3155952.dll C:\Users\Mario\5351957.dll C:\Users\Mario\AppData\Local\hvokloi.dll C:\Windows\EeePCReboot C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe
         
Schrauber, you are my hero of the day. So the computer works again after the fix, what now?

After a restart GVU is back ;-(

Alt 26.07.2013, 07:30   #10
schrauber
/// the machine
/// TB-Ausbilder
 

You ran the fix incorrectly.
You put everything on one line; the fixlist must look exactly like the one above, line by line, one entry under the other.

Please run the fix again.
__________________
regards,
schrauber

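The mistake schrauber points out here (the fixlist from post #8 pasted as one long line) can be caught before the reboot into the recovery environment. The following Python script is an added example for this thread; it is not code from the posts, from FRST, or from Trojaner-Board. It recognises the three entry shapes visible in the fixlist above (registry lines, dated file lines, bare paths), reports every text line that carries more than one of them, rewrites the list one entry per line, and lists the entries FRST itself flagged with ATTENTION. Its sample input is a constructed subset of the thread's own fixlist pasted the wrong way; the patterns are built only from the entry shapes on this page, and FRST's real fixlist syntax is broader, so this is a layout sanity check, not a parser for everything FRST accepts.

```python
"""Sanity-check the layout of an FRST Fixlist.txt before running a fix.

Added example for this thread, not part of FRST or of the posts above.  The
patterns below are built from the entry shapes visible in the thread (registry
lines, dated file lines, bare paths); FRST's real fixlist syntax is broader.
"""
import re
from typing import List, Tuple

# Start of an entry.  A dated file line is consumed through its drive letter so
# that the path it carries is not mistaken for a separate bare-path entry.
ENTRY_START = re.compile(
    r"(?P<dated>\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} [A-Z_]{5} (?:\([^)]*\) )?[A-Za-z]:\\)"
    r"|(?P<reg>(?:HKU|HKLM|HKCU|HKCR|Winlogon)\\)"
    r"|(?P<path>[A-Za-z]:\\)"
)
# Tokens that close a registry entry in FRST output: "[X]", "(...)", "ATTENTION".
REG_END = re.compile(r"(\[[Xx]\]|\)|ATTENTION!?)$")


def split_entries(line: str) -> List[str]:
    """Return the FRST entries found on one text line (normally exactly one)."""
    line = line.strip()
    if not line:
        return []
    # Candidate entry starts must sit at a token boundary; a quoted path such as
    # "C:\..." inside a rundll32 entry is not one.
    starts = [m for m in ENTRY_START.finditer(line)
              if m.start() == 0 or line[m.start() - 1] == " "]
    if not starts or starts[0].start() != 0:
        return [line]                      # unknown shape: keep it untouched
    entries, cur_start, cur_kind = [], 0, starts[0].lastgroup
    for m in starts[1:]:
        head = line[cur_start:m.start()].rstrip()
        # A path after an unfinished registry entry is that entry's own payload.
        if m.lastgroup == "path" and cur_kind == "reg" and not REG_END.search(head):
            continue
        entries.append(head)
        cur_start, cur_kind = m.start(), m.lastgroup
    entries.append(line[cur_start:].rstrip())
    return entries


def normalize_fixlist(text: str) -> List[str]:
    """Rewrite the list as one entry per line, the layout FRST needs."""
    out: List[str] = []
    for line in text.splitlines():
        out.extend(split_entries(line))
    return out


def collapsed_lines(text: str) -> List[Tuple[int, int]]:
    """(line number, entry count) for every line carrying more than one entry."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        count = len(split_entries(line))
        if count > 1:
            found.append((n, count))
    return found


def attention_entries(entries: List[str]) -> List[str]:
    """Entries FRST itself flagged with ATTENTION (the ones to review first)."""
    return [e for e in entries if "ATTENTION" in e]


# Constructed sample: a subset of the thread's fixlist, pasted the wrong way
# (run together on two long lines) as happened in post #9.
COLLAPSED = "\n".join([
    # line 1: five registry entries run together
    r'Winlogon\Notify\hvokloi: C:\Users\Mario\AppData\Local\hvokloi.dll [X] '
    r'HKU\Mario\...\Run: [hvokloi] - rundll32 "C:\Users\Mario\AppData\Local\hvokloi.dll",hvokloi [x] <===== ATTENTION '
    r'HKU\Mario\...\Run: [PCSpeedUp] - C:\Program Files\PC Beschleunigen\PCSUNotifier.exe [ 2013-05-23] () '
    r'HKU\Mario\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION '
    r'HKU\Mario\...\Command Processor: "C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe" <===== ATTENTION!',
    # line 2: two dated file entries and three bare paths run together
    r'2013-07-24 04:57 - 2013-07-24 04:57 - 01084714 _____ C:\ProgramData\2433f433 '
    r'2013-07-24 04:56 - 2013-07-24 04:56 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Yzeba '
    r'C:\ProgramData\FullRemove.exe C:\Users\Mario\3155952.dll '
    r'C:\Users\Mario\AppData\Local\Temp\tbvjuhmaasssdktip.exe',
])

if __name__ == "__main__":
    for n, count in collapsed_lines(COLLAPSED):
        print(f"line {n}: {count} entries on one line; FRST needs one per line")
    fixed = normalize_fixlist(COLLAPSED)
    print("\n".join(fixed))
    print(f"{len(attention_entries(fixed))} entries flagged ATTENTION")
```

To use it on a real Fixlist.txt, replace COLLAPSED with the file's contents; an empty result from collapsed_lines means the layout matches what the instructions above ask for, and the normalized list can be saved back to the USB stick.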

Alt 26.07.2013, 16:12   #11
Badboybill
 
Fixed it again and now it runs. ← I hope
What now?
Regards, Mario

I have also already run adw and junkware + an online scan.

Alt 27.07.2013, 10:38   #12
schrauber
/// the machine
/// TB-Ausbilder
 

then post the log files

and sorry for the delay, I'm laid up with the flu and a fever.
__________________
regards,
schrauber

