Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.07.2013, 20:07   #1
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



Hallo,

ich habe auch den GVU.

Boot mit USB und FRST64.exe ausgeführt.

Log folgt unten. Rechner ist im Status Computer Reparieren - Eingabeaufforderung.

Info:
Das Problem ist heute 5.7.2013 erst aufgetreten.
(IkonMatrix ist ein Herstellerprogramm)

Danke Sebastian :-)

Log:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 05-07-2013 21:53:09
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-05-21] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files (x86)\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-15] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-05 21:52 - 2013-07-05 21:52 - 00000000 ____D C:\FRST
2013-07-05 11:38 - 2013-07-05 11:38 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-17 02:58 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 02:58 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 02:58 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 02:58 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 02:58 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 02:58 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 02:58 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 02:58 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 02:58 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 02:58 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 02:58 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 02:58 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:22 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:22 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:22 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:22 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:22 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:22 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:22 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:22 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 22:35 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:35 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:35 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:35 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:35 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:35 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:35 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:35 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:35 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:35 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:35 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:35 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:35 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:35 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 22:35 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 00:01 - 2013-06-12 01:01 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 03:56 - 2013-06-10 07:38 - 00015020 ____A C:\IkonMatrixError.log

==================== One Month Modified Files and Folders =======

2013-07-05 21:52 - 2013-07-05 21:52 - 00000000 ____D C:\FRST
2013-07-05 11:46 - 2013-02-16 03:21 - 00010783 ____A C:\Windows\setupact.log
2013-07-05 11:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-05 11:45 - 2010-11-10 11:04 - 01844183 ____A C:\Windows\WindowsUpdate.log
2013-07-05 11:45 - 2009-07-13 20:45 - 00014032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 11:45 - 2009-07-13 20:45 - 00014032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 11:43 - 2010-11-10 20:00 - 00712470 ____A C:\Windows\System32\perfh007.dat
2013-07-05 11:43 - 2010-11-10 20:00 - 00154972 ____A C:\Windows\System32\perfc007.dat
2013-07-05 11:43 - 2009-07-13 21:13 - 01656498 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 11:38 - 2013-07-05 11:38 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-05 07:01 - 2012-04-11 22:31 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 22:32 - 2010-11-12 12:38 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-18 22:53 - 2010-11-12 12:38 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-18 22:53 - 2010-11-12 12:38 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-14 07:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:22 - 2010-11-10 12:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 01:01 - 2013-06-12 00:01 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 01:01 - 2012-04-11 22:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 01:01 - 2011-07-14 22:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 07:38 - 2013-06-10 03:56 - 00015020 ____A C:\IkonMatrixError.log
2013-06-08 06:08 - 2013-06-17 02:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-17 02:58 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-17 02:58 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-17 02:58 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-17 02:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-17 02:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-17 02:58 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-17 02:58 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-17 02:58 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-17 02:58 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-17 02:58 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-17 02:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-05 03:24:23

==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 4055.11 MB
Available physical RAM: 3212.61 MB
Total Pagefile: 4053.26 MB
Available Pagefile: 3201.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:48.73 GB) (Free:2.41 GB) NTFS (Disk=0 Partition=2)
Drive d: (Backup) (Fixed) (Total:149.01 GB) (Free:20.3 GB) NTFS (Disk=1 Partition=1)
Drive f: (Daten) (Fixed) (Total:184 GB) (Free:176.67 GB) NTFS (Disk=0 Partition=3)
Drive g: (GSP1RMCHPXFREO_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive i: (HITMANPRO) (Removable) (Total:15.03 GB) (Free:15.01 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 70000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 23F12D67)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 9211CC8D)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-03 03:21

==================== End Of Log ============================
         
--- --- ---

Geändert von Ghostbear (05.07.2013 um 20:14 Uhr)

Alt 05.07.2013, 20:10   #2
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



Hi,
was hat hitmanpro gefunden?
kannst du wieder in den normalen Modus? falls nein:
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-isoburner/
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die
Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs
__________________

__________________

Alt 05.07.2013, 20:25   #3
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



Hi Markus,

danke für die schnelle Antwort.

Hitman hat nichts gefunden - da es leider nicht nach erfolgreichem Reboot die Netzwerkverbindung öffnen kann, um sich Aktualisierungen zu holen.

Deine Anleitung befolgt - funzt nicht, da Reatogo-X-PE einen BS nach dem WinXP-Logo bringt.

Anderer Versuch?

PC:
Marke Dell Vostro 430
Mainboard Dell Vostro 430
BIOS 240
Chipset Intel M55
Grafik Nvidia GeForce 310
LAN Broadcom 1000/100/10
Sound Realtek HD Audio
CPU Intel Core i5 750 @ 2,66 GHz
RAM 4096 MB
HDD 250 GB + 160 GB
Bemerkung JBOD

Sebastian
__________________

Alt 05.07.2013, 20:42   #4
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



hi,
starte mal neu, gehe ins Bios, geht meist bei Neustart über entf.
prüfe dort, ob der ide oder AHCI Mode gewählt ist, meist unter Advanced bzw SATA optionen zu finden,
Konfiguriere den jeweils gegenteiligen Modus und versuche die OTL CD erneut
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2013, 21:16   #5
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



ähh ja da hätte ich auch selbst drauf kommen können.

Hier das OTL-Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/6/2013 1:51:28 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.27 Mb Free Space | 74.27% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 20.31 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive E: | 15.03 Gb Total Space | 15.01 Gb Free Space | 99.87% Space Free | Partition Type: FAT32
Drive F: | 48.73 Gb Total Space | 2.41 Gb Free Space | 4.95% Space Free | Partition Type: NTFS
Drive G: | 184.00 Gb Total Space | 176.67 Gb Free Space | 96.02% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/21 07:37:32 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto] -- F:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/13 05:29:56 | 004,154,208 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/12 05:01:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/18 06:38:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/19 07:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 14:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 14:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/19 02:53:01 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- F:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 22:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/03/04 21:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/03/04 21:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2013/01/29 12:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/11/19 07:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/11/19 07:10:36 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 10:23:40 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/05/21 07:37:20 | 000,013,832 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/05 23:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/22 03:17:17 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 03:17:16 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130619.021\eng64.sys -- (NAVENG)
DRV - [2013/02/15 11:29:22 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130619.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 05:45:11 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 02:39:45 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: F:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: F:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013/07/05 15:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013/02/16 04:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/18 06:38:29 | 000,000,000 | ---D | M]
 
[2013/05/18 06:38:33 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 06:38:33 | 000,000,000 | ---D | M] (Default) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ControlCenter3] F:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] F:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - F:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/06 01:52:59 | 000,000,000 | ---D | C] -- F:\FRST
[2013/07/05 15:38:58 | 000,000,000 | ---D | C] -- F:\Program Files\HitmanPro
[2013/07/05 15:38:39 | 000,000,000 | ---D | C] -- F:\ProgramData\HitmanPro
[2013/06/17 06:58:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/06/17 06:58:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/06/13 12:22:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/06/13 12:22:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/06/13 12:22:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/13 12:22:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/13 12:22:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/06/13 12:22:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/06/13 12:22:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/06/13 12:22:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/06/13 12:22:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/06/13 12:22:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/06/13 12:22:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/06/13 12:22:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/06/13 12:22:19 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/06/13 12:22:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/06/13 12:22:18 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/06/13 02:35:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32spl.dll
[2013/06/13 02:35:55 | 000,492,544 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\win32spl.dll
[2013/06/13 02:35:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cryptdlg.dll
[2013/06/13 02:35:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\cryptdlg.dll
[2013/06/13 02:35:51 | 001,424,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WindowsCodecs.dll
[2013/06/13 02:35:49 | 001,192,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\certutil.exe
[2013/06/13 02:35:48 | 001,464,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\crypt32.dll
[2013/06/13 02:35:48 | 000,903,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\certutil.exe
[2013/06/13 02:35:48 | 000,139,776 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cryptnet.dll
[2013/06/13 02:35:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\certenc.dll
[2013/06/13 02:35:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\certenc.dll
[2013/06/13 02:35:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d11.dll
[2013/06/13 02:35:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d11.dll
[2013/06/12 04:01:14 | 009,089,416 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/16 04:26:14 | 000,216,064 | ---- | C] ( ) -- F:\Windows\SysWow64\lagarith.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/05 15:47:40 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/07/05 15:46:14 | 3189,067,776 | -HS- | M] () -- F:\hiberfil.sys
[2013/07/05 15:45:09 | 000,014,032 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 15:45:09 | 000,014,032 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 15:43:00 | 000,712,470 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/07/05 15:43:00 | 000,665,470 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/07/05 15:43:00 | 000,154,972 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/07/05 15:43:00 | 000,126,994 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/07/05 11:01:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/05 10:47:24 | 000,163,058 | ---- | M] () -- F:\ProgramData\2433f433
[2013/06/21 04:34:59 | 000,001,108 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
[2013/06/20 02:32:19 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/06/19 02:53:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- F:\Windows\System32\drivers\SYMEVENT64x86.SYS
[2013/06/19 02:53:01 | 000,007,631 | ---- | M] () -- F:\Windows\System32\drivers\SYMEVENT64x86.CAT
[2013/06/19 02:53:01 | 000,000,854 | ---- | M] () -- F:\Windows\System32\drivers\SYMEVENT64x86.INF
[2013/06/12 05:01:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 05:01:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/12 05:01:08 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013/07/05 10:47:24 | 000,163,058 | ---- | C] () -- F:\ProgramData\2433f433
[2013/02/16 04:26:14 | 000,650,752 | ---- | C] () -- F:\Windows\SysWow64\xvidcore.dll
[2013/02/16 04:26:14 | 000,243,200 | ---- | C] () -- F:\Windows\SysWow64\xvidvfw.dll
[2013/02/16 04:26:13 | 000,112,640 | ---- | C] () -- F:\Windows\SysWow64\ff_vfw.dll
[2012/10/07 07:23:10 | 000,207,488 | ---- | C] () -- F:\Windows\SysWow64\LXPrnUtil10.dll
[2012/10/07 07:23:08 | 000,138,368 | ---- | C] () -- F:\Windows\SysWow64\LxDNTvmc100.dll
[2012/10/07 07:23:08 | 000,074,368 | ---- | C] () -- F:\Windows\SysWow64\LxDNTvm100.dll
[2012/10/07 07:23:06 | 000,318,592 | ---- | C] () -- F:\Windows\SysWow64\LxDNT100.dll
[2011/02/26 08:22:57 | 000,000,256 | ---- | C] () -- F:\Windows\Brpfx04a.ini
[2011/02/26 08:22:57 | 000,000,093 | ---- | C] () -- F:\Windows\brpcfx.ini
[2011/02/26 08:22:45 | 000,000,416 | ---- | C] () -- F:\Windows\BRWMARK.INI
[2011/02/26 08:19:09 | 000,106,496 | ---- | C] () -- F:\Windows\SysWow64\BrMuSNMP.dll
[2011/02/26 08:19:09 | 000,000,066 | ---- | C] () -- F:\Windows\Brfaxrx.ini
[2011/02/26 08:19:09 | 000,000,000 | ---- | C] () -- F:\Windows\brdfxspd.dat
[2011/02/26 08:18:46 | 000,045,056 | ---- | C] () -- F:\Windows\SysWow64\BRTCPCON.DLL
[2011/02/26 08:18:43 | 000,000,114 | ---- | C] () -- F:\Windows\SysWow64\BRLMW03A.INI
[2011/02/26 07:31:52 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/11/13 06:24:22 | 001,633,456 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/13 05:38:10 | 000,000,513 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/11/13 05:12:54 | 000,000,221 | ---- | C] () -- F:\Windows\ODBCINST.INI
[2010/11/10 17:01:16 | 000,178,688 | ---- | C] () -- F:\Windows\SysWow64\unrar.dll
[2010/10/21 09:18:46 | 000,303,104 | ---- | C] () -- F:\Windows\SysWow64\dnt27VC8.dll
[2010/10/21 09:16:58 | 000,143,360 | ---- | C] () -- F:\Windows\SysWow64\dntvmc27VC8.dll
[2010/10/21 09:16:34 | 000,086,016 | ---- | C] () -- F:\Windows\SysWow64\dntvm27VC8.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2008/07/22 16:27:42 | 000,061,440 | ---- | C] () -- F:\Windows\SysWow64\PTQL5F.DLL
[2001/12/12 08:41:36 | 000,041,472 | ---- | C] () -- F:\Windows\SysWow64\W32btstp.dll
[2001/12/12 08:41:36 | 000,025,088 | ---- | C] () -- F:\Windows\SysWow64\W32btxlt.dll
 
========== LOP Check ==========
 
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/07/05 02:41:10 | 000,000,000 | ---D | M] -- F:\ProgramData\Ask
[2013/02/16 06:21:11 | 000,000,000 | ---D | M] -- F:\ProgramData\BTrieve
[2013/02/16 04:23:01 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2013/07/05 15:38:39 | 000,000,000 | ---D | M] -- F:\ProgramData\HitmanPro
[2013/07/05 02:05:06 | 000,000,000 | ---D | M] -- F:\ProgramData\Lexware
[2012/01/02 12:40:30 | 000,000,000 | ---D | M] -- F:\ProgramData\SQL Anywhere 11
[2013/02/16 06:28:56 | 000,000,000 | ---D | M] -- F:\ProgramData\SQL Anywhere 12
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2011/01/12 18:02:33 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/11/10 15:46:50 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2011/02/26 08:05:23 | 000,000,000 | ---D | M] -- F:\88dfd798c5ff272c7f
[2010/11/10 15:36:57 | 000,000,000 | ---D | M] -- F:\Benutzer
[2010/11/10 15:52:47 | 000,000,000 | ---D | M] -- F:\dell
[2010/11/10 16:12:36 | 000,000,000 | ---D | M] -- F:\Dell Management Packs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2013/07/06 01:52:59 | 000,000,000 | ---D | M] -- F:\FRST
[2010/11/10 15:53:45 | 000,000,000 | ---D | M] -- F:\Intel
[2010/11/10 15:44:59 | 000,000,000 | ---D | M] -- F:\Microsoft
[2013/04/13 04:59:49 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2010/11/10 16:52:22 | 000,000,000 | ---D | M] -- F:\NVIDIA
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- F:\PerfLogs
[2013/07/05 15:38:58 | 000,000,000 | R--D | M] -- F:\Program Files
[2013/05/21 03:56:58 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2013/07/05 15:38:39 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\Programme
[2010/11/10 15:11:53 | 000,000,000 | -HSD | M] -- F:\Recovery
[2011/01/12 18:03:56 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2010/11/10 15:32:11 | 000,000,000 | ---D | M] -- F:\users
[2013/05/06 02:58:23 | 000,000,000 | ---D | M] -- F:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/19 23:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 00:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 00:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 00:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 00:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 00:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/19 23:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/19 23:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 00:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 00:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/19 23:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/19 23:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 00:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 00:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/19 23:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
[2010/11/19 23:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 00:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\System32\user32.dll
[2010/11/20 00:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/19 23:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/19 23:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 00:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\System32\userinit.exe
[2010/11/20 00:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 00:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 00:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---


[/CODE]


Alt 05.07.2013, 21:27   #6
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



Hi,
nö wenn ihr alles selbst wüsstet, bräuchten wir das Forum nicht, also alles gut :-)
im folgenen Script "Name" durch deinen Nutzernamen ersetzen.
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
f:\Users\name\AppData\Local\Temp\*.dll
f:\Users\EUPROCON\AppData\Local\Temp\*.exe
:Files
:Commands
[Reboot]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja,
gehe erst mal ins Bios, ändere den Modus wieder.
nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
weiterhin:
navigire zu c:\_otl öffne diesen, dann den ordner Movedfiles auswählen, rechtsklick, dann mit winrar oder zip packen.
und hier hochladen:
http://upload.trojaner-
Wenn der Ordner größer als 10 MB ist, zu sehen unter Rechtsklick, eigenschaften, dann hier hochladen:
File-Upload.net - Ihr kostenloser File Hoster!
und den Downloadlink an mich als private Nachicht
Wenn er größer ist als 100 MB noch mal melden
__________________
--> GVU Trojaner

Alt 05.07.2013, 21:44   #7
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



Das OTL war noch offen.
Fix eingetragen (Name ersetzt) und ausgeführt
Reboot.
Bios wieder auf AHCI.

GVU begrüßt mich.


Alt 05.07.2013, 21:46   #8
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



ok dann wieder Modus umstellen
von der otl cd starten, in den ordner _OTL navigieren und das/die logs posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2013, 21:54   #9
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



oki hab reingesehen - es steht nix drin außer den Überschriften: OTL, Files, Commands

Alt 05.07.2013, 21:55   #10
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



wo ist das log? hast du es ausgeführt wie beschrieben, dann müsste mehr drinn stehen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2013, 21:57   #11
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



Ich lad es dir hoch. Bitte nochmal den vollständigen Uploadlink.

Btw: Der User heisst "Büro" kann es sein, dass hier das ü beim Fix anders geschrieben werden muss?

Alt 05.07.2013, 21:59   #12
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



hi eig muss der Nutzername so geschrieben werden, wie er im original ist.
http://upload.trojaner-board.de/]Uploadchannel
sorry für unvollständigen Link.
geht der Neustart wieder?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2013, 22:01   #13
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



ist up.

Neustart habe ich nicht wieder versucht. Bezweifle, dass es klappt, da OTL nix gemacht hat.

Aktueller Status:
Boot von Reatodo
OTL offen

Wie du siehst, hatte ich im ersten fix versehentlich die manuellen Skripeinstellungen des Scans ausgeführt.

Alt 05.07.2013, 22:07   #14
markusg
/// Malware-holic
 
GVU Trojaner - Standard

GVU Trojaner



logdateien hier im forum posten, laut log hast du nicht das ganze Script ausgeführt, es beginnt ab :OTL wobei du bei Name, den Nutzernamen des betroffenen Kontos einfügen must
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2013, 22:09   #15
Ghostbear
 
GVU Trojaner - Standard

GVU Trojaner



Du hast mir das hier geschrieben:

:OTL
f:\Users\name\AppData\Local\Temp\*.dll
f:\Users\EUPROCON\AppData\Local\Temp\*.exe
:Files
:Commands
[Reboot]

Antwort

Themen zu GVU Trojaner
adobe, adobe flash player, association, audio, cdrom, check, computer, crypt, dvd, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, free, frst.txt, microsoft, norton internet security, realtek, registry, security, services.exe, svchost.exe, symantec, system, system32, trojaner, usb, winlogon.exe, wscript.exe




Zum Thema GVU Trojaner - Hallo, ich habe auch den GVU. Boot mit USB und FRST64.exe ausgeführt. Log folgt unten. Rechner ist im Status Computer Reparieren - Eingabeaufforderung. Info: Das Problem ist heute 5.7.2013 erst - GVU Trojaner...
Archiv
Du betrachtest: GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.