Pests of all kinds and their removal: GVU virus has struck (Windows 7)
21.11.2012, 21:06 | #1
GVU virus has struck

Hello team,

The GVU virus got me, with poor speech output and a webcam field, plus the demand for 100 euros. I hope someone can help me. I have a 32-bit system. Here are my logs (the Extras log from OTL did not appear for me):

OTL log:
Code:
OTL logfile created on: 21.11.2012 02:38:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\fabi\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 90,53% Memory free
5,34 Gb Paging File | 5,19 Gb Available in Paging File | 97,16% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 31,72 Gb Free Space | 64,97% Space Free | Partition Type: NTFS
Drive E: | 203,53 Gb Total Space | 100,24 Gb Free Space | 49,25% Space Free | Partition Type: NTFS
Drive F: | 203,64 Gb Total Space | 109,76 Gb Free Space | 53,90% Space Free | Partition Type: NTFS
Drive J: | 963,70 Mb Total Space | 233,30 Mb Free Space | 24,21% Space Free | Partition Type: FAT

Computer Name: ***** | User Name: fabi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\fabi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Hercules\WiFiStationN\WiFiN.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (UI Assistant Service) -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe () SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe () SRV - (NMSAccessU) -- F:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (HerculesWiFi) -- C:\WINDOWS\system32\HerculesWiFiService.exe (Guillemot Corporation) SRV - (NVIDIA Performance Driver Service) -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () SRV - (appdrvrem01) -- C:\WINDOWS\System32\appdrvrem01.exe (Protection Technology) SRV - (GEST Service) -- C:\Programme\GIGABYTE\GEST\GSvr.exe () SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (apazfqjo) -- File not found DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) 
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (MBB Incorporated) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (L6PODX3LV) -- C:\WINDOWS\system32\drivers\L6PODX3LV.sys (Line 6) DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (appdrv01) -- C:\WINDOWS\system32\drivers\appdrv01.sys (Protection Technology) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys () DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation) DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - 
HKU\S-1-5-21-854245398-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-854245398-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 IE - HKU\S-1-5-21-854245398-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-854245398-1482476501-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-854245398-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1482476501-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKU\S-1-5-21-854245398-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.ecosia.org/" FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.5 FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: E:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: E:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.02.22 15:17:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.26 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.24 08:26:47 | 000,000,000 | ---D | M] [2009.02.22 18:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\Mozilla\Extensions [2012.11.21 01:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\Mozilla\Firefox\Profiles\f7ant1ft.default\extensions [2010.05.03 20:03:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\Mozilla\Firefox\Profiles\f7ant1ft.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.07.08 21:26:07 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\Mozilla\Firefox\Profiles\f7ant1ft.default\extensions\battlefieldheroespatcher@ea.com [2012.10.24 08:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.07.04 21:26:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.04 21:26:05 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com [2012.07.08 21:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla 
Firefox\extensions\searchsettings@spigot.com [2012.10.26 21:55:34 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2012.10.25 10:03:21 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2012.10.26 21:55:30 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.26 21:55:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.26 21:55:26 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.26 21:55:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.26 21:55:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.26 21:55:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.26 21:55:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.) 
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [GEST] C:\Programme\GIGABYTE\GEST\run.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-21-854245398-1482476501-839522115-1003..\Run: [DAEMON Tools Lite] E:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-854245398-1482476501-839522115-1003..\Run: [DataMgr] C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\DataMgr\datamgr.exe (HTTO Group, Ltd.) O4 - HKU\S-1-5-21-854245398-1482476501-839522115-1003..\Run: [Protector] C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\SDIV 2.0\Prot\prot.vbs () O4 - HKU\S-1-5-21-854245398-1482476501-839522115-1003..\Run: [TU] C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\SDIV 2.0\Prot\tu\tu.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station N.lnk = C:\Programme\Hercules\WiFiStationN\WiFiN.exe () O4 - Startup: C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = E:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-1482476501-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-854245398-1482476501-839522115-1003\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKU\S-1-5-21-854245398-1482476501-839522115-1003\..Trusted Domains: line6.net ([]* in Vertrauenswürdige Sites) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.04 02:36:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0d44b314-d800-11e1-8308-b104184ed950}\Shell - "" = AutoRun O33 - 
MountPoints2\{0d44b314-d800-11e1-8308-b104184ed950}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0d44b314-d800-11e1-8308-b104184ed950}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{5e5c3319-9ad9-11de-8186-001d7dd130e0}\Shell\AutoRun\command - "" = avira.exe O33 - MountPoints2\{9384a7b8-1dab-11e2-833d-0008d380dfd1}\Shell - "" = AutoRun O33 - MountPoints2\{9384a7b8-1dab-11e2-833d-0008d380dfd1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9384a7b8-1dab-11e2-833d-0008d380dfd1}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{ac682770-f274-11e0-82cd-9761b8509f7c}\Shell - "" = AutoRun O33 - MountPoints2\{ac682770-f274-11e0-82cd-9761b8509f7c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ac682770-f274-11e0-82cd-9761b8509f7c}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{ac682774-f274-11e0-82cd-9761b8509f7c}\Shell - "" = AutoRun O33 - MountPoints2\{ac682774-f274-11e0-82cd-9761b8509f7c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ac682774-f274-11e0-82cd-9761b8509f7c}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 02:13:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fabi\Desktop\OTL.exe [2012.11.21 01:48:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.11.21 01:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2012.11.21 01:00:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2012.11.21 00:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\fabi\Anwendungsdaten\SDIV 2.0 [2012.11.21 00:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\HMN [2012.11.21 00:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\DataMgr [2012.11.21 00:49:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\fbDownloader [2012.11.21 00:48:56 | 019,027,936 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Dokumente und Einstellungen\fabi\Desktop\FreeYouTubeDownload3-1-40-1031.exe [2012.11.20 18:02:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\helden [2012.11.20 18:01:44 | 000,000,000 | ---D | C] -- C:\Programme\Helden-Software [2012.11.20 18:01:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Helden-Software [2012.11.19 21:17:58 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\fabi\ms.exe [2012.11.13 20:37:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [2012.10.25 10:04:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\Search Settings [2012.10.25 10:03:02 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.10.25 10:03:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.10.25 10:03:00 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.10.24 08:26:51 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.24 08:26:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.10.23 10:16:28 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.21 02:37:10 | 
000,041,984 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.21 02:13:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fabi\Desktop\OTL.exe [2012.11.21 02:05:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.21 01:48:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.21 01:38:12 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2012.11.21 01:35:00 | 000,210,919 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.11.21 01:34:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 01:33:06 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2012.11.21 01:20:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 01:11:00 | 000,513,740 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.21 01:11:00 | 000,490,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.21 01:11:00 | 000,099,690 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.21 01:11:00 | 000,083,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.21 00:49:07 | 019,027,936 | ---- | M] (DVDVideoSoft Ltd. 
) -- C:\Dokumente und Einstellungen\fabi\Desktop\FreeYouTubeDownload3-1-40-1031.exe [2012.11.20 18:02:01 | 000,000,232 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\.dsa4.properties [2012.11.20 18:02:00 | 000,002,207 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\.heldEinstellungen4_1.xml [2012.11.19 21:17:59 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\fabi\ms.exe [2012.11.19 19:57:44 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2012.11.19 19:57:19 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2012.11.19 08:30:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.15 21:57:46 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [2012.11.13 20:37:51 | 000,001,064 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk [2012.11.13 20:37:36 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [2012.11.05 17:44:35 | 002,457,832 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\gfh.jpg [2012.11.05 17:44:35 | 000,038,521 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\.recently-used.xbel [2012.11.05 17:44:07 | 014,411,206 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\gfh.xcf [2012.10.23 10:16:28 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 18:02:00 | 000,002,207 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\.heldEinstellungen4_1.xml [2012.11.20 18:01:59 | 000,000,232 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\.dsa4.properties [2012.11.13 20:37:51 | 000,001,064 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk 
[2012.11.13 20:37:36 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2012.11.05 17:44:35 | 000,038,521 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\.recently-used.xbel [2012.11.05 17:44:34 | 002,457,832 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\gfh.jpg [2012.11.05 17:44:07 | 014,411,206 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\gfh.xcf [2012.10.24 08:26:48 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.02.19 13:22:11 | 000,088,813 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\agssave.999 [2011.01.23 19:25:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2011.01.23 19:25:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2011.01.23 19:25:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2011.01.23 19:25:45 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011.01.23 19:25:45 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009.02.23 19:10:46 | 000,131,800 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.02.21 22:14:34 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\PnkBstrK.sys [2008.07.04 22:45:08 | 000,041,984 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.04 22:23:49 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\pbuser.htm [2008.07.04 22:23:30 | 000,009,407 | ---- | C] () -- C:\Dokumente und Einstellungen\fabi\pbgame.htm ========== ZeroAccess Check ========== [2009.02.23 19:05:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
< End of report >

Defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:48 on 21/11/2012 (fabi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 15:50:43
-----------------------------
15:50:43.750 OS Version: Windows 5.1.2600 Service Pack 2
15:50:43.750 Number of processors: 4 586 0x1707
15:50:43.750 ComputerName: ***** UserName: fabi
15:50:45.812 Initialize success
15:51:43.468 AVAST engine defs: 12112100
15:51:56.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:51:56.687 Disk 0 Vendor: ST3500320AS SD15 Size: 476938MB BusType: 3
15:51:56.703 Disk 0 MBR read successfully
15:51:56.718 Disk 0 MBR scan
15:51:56.750 Disk 0 Windows XP default MBR code
15:51:56.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
15:51:56.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 208413 MB offset 122881185
15:51:56.812 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 208523 MB offset 549712170
15:51:56.843 Disk 0 scanning sectors +976768065
15:51:56.906 Disk 0 scanning C:\WINDOWS\system32\drivers
15:52:02.328 Service scanning
15:52:16.640 Modules scanning
15:52:43.890 Disk 0 trace - called modules:
15:52:43.921 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:52:43.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae5aab8]
15:52:43.953 3 CLASSPNP.SYS[f764805b] -> nt!IofCallDriver -> \Device\00000074[0x8ae089e8]
15:52:43.968 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae66940]
15:52:44.375 AVAST engine scan C:\WINDOWS
15:52:48.437 AVAST engine scan C:\WINDOWS\system32
15:54:37.453 AVAST engine scan C:\WINDOWS\system32\drivers
15:54:44.937 AVAST engine scan C:\Dokumente und Einstellungen\fabi
15:57:27.671 File: C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Temp\wpbt0.dll **INFECTED** Win32:LockScreen-OK [Trj]
15:57:33.609 File: C:\Dokumente und Einstellungen\fabi\ms.exe **INFECTED** Win32:Rootkit-gen [Rtk]
15:57:42.843 AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:58:01.703 Scan finished successfully
15:58:08.468 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\fabi\Desktop\MBR.dat"
15:58:08.484 The log file has been saved successfully to "C:\Dokumente und Einstellungen\fabi\Desktop\aswMBR.txt"

Gmer-Log:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 16:33:06
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500320AS rev.SD15
Running: 58l06j6n.exe; Driver: C:\DOKUME~1\fabi\LOKALE~1\Temp\uxtdypob.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOKUME~1\fabi\LOKALE~1\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x03 0xD6 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0xA1 0x70 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x81 0x00 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x03 0xD6 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0xA1 0x70 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0x81 0x00 0x8B ...

---- EOF - GMER 1.0.15 ----

And here is the TDSS-Killer log as well:
Code:
0188 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\System32\Drivers\sptd.sys 21:09:23.0078 0188 sptd - ok 21:09:23.0093 0188 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 21:09:23.0125 0188 sr - ok 21:09:23.0140 0188 [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice C:\WINDOWS\system32\srsvc.dll 21:09:23.0171 0188 srservice - ok 21:09:23.0171 0188 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:09:23.0234 0188 Srv - ok 21:09:23.0250 0188 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:09:23.0281 0188 SSDPSRV - ok 21:09:23.0328 0188 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 21:09:23.0328 0188 StarOpen ( UnsignedFile.Multi.Generic ) - warning 21:09:23.0328 0188 StarOpen - detected UnsignedFile.Multi.Generic (1) 21:09:23.0359 0188 [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc C:\WINDOWS\system32\wiaservc.dll 21:09:23.0421 0188 stisvc - ok 21:09:23.0437 0188 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:09:23.0500 0188 streamip - ok 21:09:23.0515 0188 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 21:09:23.0562 0188 swenum - ok 21:09:23.0593 0188 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 21:09:23.0640 0188 swmidi - ok 21:09:23.0656 0188 SwPrv - ok 21:09:23.0656 0188 symc810 - ok 21:09:23.0671 0188 symc8xx - ok 21:09:23.0687 0188 sym_hi - ok 21:09:23.0703 0188 sym_u3 - ok 21:09:23.0718 0188 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 21:09:23.0765 0188 sysaudio - ok 21:09:23.0796 0188 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 21:09:23.0843 0188 SysmonLog - ok 21:09:23.0890 0188 [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe 21:09:23.0937 0188 TabletServicePen - ok 21:09:23.0968 0188 [ 
4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:09:24.0062 0188 TapiSrv - ok 21:09:24.0109 0188 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:09:24.0171 0188 Tcpip - ok 21:09:24.0187 0188 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:09:24.0234 0188 TDPIPE - ok 21:09:24.0250 0188 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 21:09:24.0296 0188 TDTCP - ok 21:09:24.0328 0188 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:09:24.0375 0188 TermDD - ok 21:09:24.0390 0188 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll 21:09:24.0453 0188 TermService - ok 21:09:24.0468 0188 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes C:\WINDOWS\System32\shsvcs.dll 21:09:24.0531 0188 Themes - ok 21:09:24.0546 0188 [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 21:09:24.0562 0188 TlntSvr - ok 21:09:24.0578 0188 TosIde - ok 21:09:24.0593 0188 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:09:24.0656 0188 TrkWks - ok 21:09:24.0671 0188 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:09:24.0718 0188 Udfs - ok 21:09:24.0765 0188 [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Programme\1&1 Surf-Stick\AssistantServices.exe 21:09:24.0781 0188 UI Assistant Service - ok 21:09:24.0781 0188 ultra - ok 21:09:24.0812 0188 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 21:09:24.0828 0188 UMWdf - ok 21:09:24.0843 0188 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 21:09:24.0906 0188 Update - ok 21:09:24.0937 0188 [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost C:\WINDOWS\System32\upnphost.dll 21:09:24.0968 0188 upnphost - ok 21:09:24.0984 0188 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe 21:09:25.0046 
0188 UPS - ok 21:09:25.0062 0188 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 21:09:25.0109 0188 usbaudio - ok 21:09:25.0171 0188 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:09:25.0234 0188 usbccgp - ok 21:09:25.0281 0188 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:09:25.0328 0188 usbehci - ok 21:09:25.0328 0188 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:09:25.0390 0188 usbhub - ok 21:09:25.0406 0188 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:09:25.0468 0188 usbprint - ok 21:09:25.0500 0188 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:09:25.0546 0188 USBSTOR - ok 21:09:25.0562 0188 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:09:25.0609 0188 usbuhci - ok 21:09:25.0625 0188 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:09:25.0671 0188 VgaSave - ok 21:09:25.0687 0188 ViaIde - ok 21:09:25.0703 0188 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:09:25.0750 0188 VolSnap - ok 21:09:25.0796 0188 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe 21:09:25.0828 0188 VSS - ok 21:09:25.0843 0188 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll 21:09:25.0890 0188 W32Time - ok 21:09:25.0921 0188 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 21:09:25.0921 0188 wacommousefilter - ok 21:09:25.0953 0188 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 21:09:25.0968 0188 wacomvhid - ok 21:09:25.0984 0188 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 21:09:25.0984 0188 WacomVKHid - ok 21:09:26.0000 0188 [ 
984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:09:26.0046 0188 Wanarp - ok 21:09:26.0062 0188 WDICA - ok 21:09:26.0078 0188 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 21:09:26.0140 0188 wdmaud - ok 21:09:26.0171 0188 [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient C:\WINDOWS\System32\webclnt.dll 21:09:26.0218 0188 WebClient - ok 21:09:26.0281 0188 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:09:26.0328 0188 winmgmt - ok 21:09:26.0359 0188 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 21:09:26.0390 0188 WmdmPmSN - ok 21:09:26.0406 0188 [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi C:\WINDOWS\System32\advapi32.dll 21:09:26.0484 0188 Wmi - ok 21:09:26.0546 0188 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:09:26.0609 0188 WmiApSrv - ok 21:09:26.0625 0188 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 21:09:26.0640 0188 WpdUsb - ok 21:09:26.0859 0188 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:09:26.0890 0188 WPFFontCache_v0400 - ok 21:09:26.0937 0188 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 21:09:26.0984 0188 wscsvc - ok 21:09:27.0015 0188 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 21:09:27.0062 0188 WSTCODEC - ok 21:09:27.0218 0188 [ A583F4BF607EBC5709578433207A76A8 ] WTGService C:\Programme\Verbindungsassistent\WTGService.exe 21:09:27.0234 0188 WTGService - ok 21:09:27.0281 0188 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 21:09:27.0328 0188 wuauserv - ok 21:09:27.0359 0188 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 21:09:27.0468 0188 WZCSVC - ok 21:09:27.0531 0188 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov 
C:\WINDOWS\System32\xmlprov.dll 21:09:27.0578 0188 xmlprov - ok 21:09:27.0593 0188 [ 9BDD8C51C56BE88B081E885085BD7286 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 21:09:27.0609 0188 ZTEusbmdm6k - ok 21:09:27.0625 0188 [ 9BDD8C51C56BE88B081E885085BD7286 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 21:09:27.0640 0188 ZTEusbnmea - ok 21:09:27.0656 0188 [ 9BDD8C51C56BE88B081E885085BD7286 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 21:09:27.0656 0188 ZTEusbser6k - ok 21:09:27.0687 0188 ================ Scan global =============================== 21:09:27.0703 0188 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll 21:09:27.0718 0188 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 21:09:27.0734 0188 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 21:09:27.0734 0188 [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe 21:09:27.0734 0188 [Global] - ok 21:09:27.0734 0188 ================ Scan MBR ================================== 21:09:27.0750 0188 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 21:09:27.0984 0188 \Device\Harddisk0\DR0 - ok 21:09:27.0984 0188 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR4 21:09:30.0546 0188 \Device\Harddisk1\DR4 - ok 21:09:30.0546 0188 ================ Scan VBR ================================== 21:09:30.0546 0188 [ 3D54310820BD09C6776435BF364A065D ] \Device\Harddisk0\DR0\Partition1 21:09:30.0546 0188 \Device\Harddisk0\DR0\Partition1 - ok 21:09:30.0578 0188 [ 0102B4FD1183758B608AE805FCE84765 ] \Device\Harddisk0\DR0\Partition2 21:09:30.0578 0188 \Device\Harddisk0\DR0\Partition2 - ok 21:09:30.0593 0188 [ 5A3E9D5113D86DF5E6A2FB7F15379516 ] \Device\Harddisk0\DR0\Partition3 21:09:30.0593 0188 \Device\Harddisk0\DR0\Partition3 - ok 21:09:30.0609 0188 [ 4F50A0AC88B46090A5BBCA7BFE6C0CB4 ] \Device\Harddisk1\DR4\Partition1 21:09:30.0609 0188 \Device\Harddisk1\DR4\Partition1 - ok 21:09:30.0609 0188 
============================================================ 21:09:30.0609 0188 Scan finished 21:09:30.0609 0188 ============================================================ 21:09:30.0734 0184 Detected object count: 10 21:09:30.0734 0184 Actual detected object count: 10 21:09:44.0703 0184 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0703 0184 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0703 0184 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0703 0184 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0718 0184 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0718 0184 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0718 0184 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0718 0184 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0734 0184 L6PODX3LV ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0734 0184 L6PODX3LV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0734 0184 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0734 0184 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0734 0184 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0734 0184 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0750 0184 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0750 0184 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0750 0184 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0750 0184 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:09:44.0750 0184 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 21:09:44.0750 0184 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip Geändert von Tosha (21.11.2012 um 21:15 
Uhr) |
22.11.2012, 13:32 | #2 |
/// Helper Team | GVU virus has struck The cleanup consists of several steps that must be carried out. Work through them one after the other and paste the 3 logs created along the way into your next reply. If the OTL fix did not run through properly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation)
[2012.11.21 00:49:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\fbDownloader
[2012.11.19 21:17:58 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\fabi\ms.exe
[2012.11.21 01:33:06 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.11.13 20:37:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[2012.11.13 20:37:51 | 000,001,064 | ---- | M] () -- C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk
:Files
C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Temp\wpbt0.dll
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\fabi\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\*.tmp
C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Temp\*.exe
C:\Dokumente und Einstellungen\fabi\*.exe
C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\fabi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Never apply it to other computers; it can do lasting damage to other systems! Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 3: Please download AdwCleaner to your desktop.
__________________ |
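As an added defender-side example (not code from the thread, the helper, or OTL): a small Python checker over OTL-style listing lines that flags the two persistence indicators the fix script above targets, a Startup-folder ctfmon.lnk that launches something other than ctfmon.exe, and a file carrying the name lsass.exe outside the Windows system directory. The line formats follow the script above; the system-directory list and the benign sample lines are assumptions constructed for the demo.

```python
import re
from typing import List, Tuple

# Core Windows binaries whose names malware likes to borrow. On the 32-bit XP
# system in this thread (%SystemRoot% = C:\WINDOWS) they belong only in the
# directories below; SysWOW64 is included so the check also covers 64-bit
# Windows (assumption, not something the thread states).
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe",
    "services.exe", "smss.exe", "ctfmon.exe", "explorer.exe",
}
LEGIT_SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64")

# OTL "O4 - Startup:" line:  <.lnk path> = <target path> (<company>)
O4_RE = re.compile(
    r"^O4 - Startup:\s*(?P<lnk>.+?\.lnk)\s*=\s*(?P<target>.+?)\s*\((?P<company>[^)]*)\)\s*$"
)
# OTL file-listing line:  [date | size | attrs | C/M] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$"
)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def check_line(line: str) -> List[str]:
    """Return the findings (possibly none) for one OTL listing line."""
    findings: List[str] = []
    m = O4_RE.match(line)
    if m:
        lnk, target = _basename(m.group("lnk")), m.group("target")
        expected = lnk[:-4] + ".exe"  # ctfmon.lnk -> ctfmon.exe
        if expected in SYSTEM_BINARY_NAMES and _basename(target) != expected:
            findings.append(f"{lnk} is named after a system binary but launches {target}")
        if _basename(target) in SYSTEM_BINARY_NAMES and _dirname(target) not in LEGIT_SYSTEM_DIRS:
            findings.append(f"startup link runs {_basename(target)} from {_dirname(target)}")
        return findings
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        name = _basename(path)
        if name in SYSTEM_BINARY_NAMES and _dirname(path) not in LEGIT_SYSTEM_DIRS:
            company = m.group("company") or "no company"
            findings.append(f"{name} ({company}) outside the system directory: {path}")
    return findings


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Run check_line over every line and return (line, finding) pairs."""
    return [(ln, f) for ln in lines for f in check_line(ln)]


# The first three lines are taken from the fix script in the post above; the
# last two are constructed benign lines that must not be flagged.
SAMPLE_LINES = [
    r"O4 - Startup: C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation)",
    r"[2012.11.13 20:37:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe",
    r"[2012.11.19 21:17:58 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\fabi\ms.exe",
    r"[2012.11.13 20:37:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe",
    r"O4 - Startup: C:\Dokumente und Einstellungen\fabi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for _line, finding in scan(SAMPLE_LINES):
        print(f"SUSPICIOUS: {finding}")
```

The rogue ctfmon.lnk line yields two findings (wrong target for its name, and a system-binary name launched from a data directory), which is exactly the pair of entries the helper's script removes first.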
19.01.2013, 16:34 | #3 |
/// Helper Team | GVU virus has struck No response received
__________________
Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean.
__________________ |