
Pests of all kinds and how to fight them: GVU trojan on one of our computers

04.06.2013, 18:54   #1
pyr-anja
 
My boyfriend has caught the GVU trojan on his computer. The operating system is Windows 7. There are other clean computers with a CD burner here. I hope you can help me. Thanks in advance, Anja

04.06.2013, 18:58   #2
markusg
/// Malware-holic
 
Hi,
can you get to a PC with a burner?
Download:
ISO Burner - Download - Filepony
ISOBurner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you have just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.
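What the `/md5start` … `/md5stop` block of the scan script above asks for, as an added example (not part of the original post and not OTL's own code): every copy of each listed file name under the offline Windows directory is located and its MD5 reported, so that a copy differing from its siblings stands out. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# A few of the file names listed between /md5start and /md5stop in the script.
MD5_TARGETS = ["userinit.exe", "winlogon.exe", "explorer.exe", "user32.dll", "atapi.sys"]


def md5_of(path, chunk_size=1 << 20):
    """Return the upper-case hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def find_copies(windows_dir, targets):
    """Map each target name (lower-cased) to [(path, md5), ...] for every copy found."""
    wanted = {name.lower() for name in targets}
    hits = {}
    for root, _dirs, files in os.walk(windows_dir):
        for name in sorted(files):
            if name.lower() not in wanted:
                continue
            full = os.path.join(root, name)
            try:
                file_hash = md5_of(full)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            hits.setdefault(name.lower(), []).append((full, file_hash))
    return hits


def mismatched(hits):
    """Names whose copies do not all share one hash.

    A mismatch is a lead, not a verdict: the component store can hold
    several legitimate versions of a file after updates.
    """
    return sorted(
        name for name, copies in hits.items()
        if len({file_hash for _path, file_hash in copies}) > 1
    )


def format_report(hits):
    """Render the result in the style of the log's '< MD5 for: ... >' section."""
    lines = []
    for name in sorted(hits):
        lines.append("< MD5 for: %s >" % name.upper())
        for path, file_hash in sorted(hits[name]):
            lines.append("MD5=%s -- %s" % (file_hash, path))
    return lines


def build_sample_tree(root):
    """Create a small constructed directory tree standing in for an offline Windows folder."""
    sample = {
        "explorer.exe": b"explorer-original",
        os.path.join("winsxs", "x86_a", "explorer.exe"): b"explorer-original",
        os.path.join("System32", "userinit.exe"): b"userinit-original",
        os.path.join("winsxs", "x86_b", "userinit.exe"): b"userinit-modified",
        os.path.join("System32", "drivers", "atapi.sys"): b"atapi",
        os.path.join("System32", "notes.txt"): b"not a target",
    }
    for relative, content in sample.items():
        full = os.path.join(root, relative)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as offline_windows:
        build_sample_tree(offline_windows)
        found = find_copies(offline_windows, MD5_TARGETS)
        print("\n".join(format_report(found)))
        print("Copies with differing hashes:", mismatched(found))
```
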

04.06.2013, 19:37   #3
pyr-anja
 

I got as far as double-clicking the OTLPE icon. Then a window opens that says "Browse For Folder" and "Choose Windows Directory" and shows all sorts of drives. Which one should I choose there?

04.06.2013, 19:43   #4
markusg
/// Malware-holic
 
Hi, expand all the drives one after another, look for the folder Wind or windows, and then click on it; after that it continues :-)

04.06.2013, 20:08   #5
pyr-anja
 
This is what came out of it. OTL logfile:
Code:
OTL logfile created on: 6/4/2013 9:49:54 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 100.00 Mb Total Space | 75.88 Mb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive G: | 910.41 Gb Total Space | 829.83 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
Drive H: | 20.00 Gb Total Space | 11.15 Gb Free Space | 55.77% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/14 16:39:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/30 15:13:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- G:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- G:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- G:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- G:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/28 18:01:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 18:03:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/29 09:44:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/06 22:12:04 | 000,172,032 | ---- | M] (AMD) [Auto] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/03 09:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto] -- G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 05:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- G:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/07/24 06:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- G:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2011/06/28 18:01:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:01:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/06 22:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/04/06 21:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/03/09 06:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/12/21 20:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/10/13 11:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/09/22 09:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/13 11:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/07/07 17:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- G:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/05 05:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- G:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Alex_ON_G\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_G\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: G:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: G:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: G:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: G:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: G:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - G:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - G:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - G:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - G:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - G:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] G:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] G:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LexwareInfoService] G:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] G:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] G:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKU\Alex_ON_G..\Run: [KPeerNexonEU] G:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\Alex_ON_G..\Run: [NexonEULauncher]  File not found
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: G:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Alex_ON_G Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Alex_ON_G Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - G:\Users\Alex\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 16:33:19 | 002,877,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2013/05/15 16:33:19 | 002,706,432 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
[2013/05/15 16:33:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript.dll
[2013/05/15 16:33:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013/05/15 16:33:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesetup.dll
[2013/05/15 16:33:18 | 000,039,424 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll
[2013/05/15 16:33:17 | 000,493,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeeds.dll
[2013/05/15 16:33:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesysprep.dll
[2013/05/15 16:33:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 16:33:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ie4uinit.exe
[2013/05/15 16:33:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iernonce.dll
[2013/05/15 10:06:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\authui.dll
[2013/05/15 10:06:27 | 000,101,720 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\consent.exe
[2013/05/15 10:06:20 | 002,347,520 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2013/05/15 10:06:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wwanprotdim.dll
[2013/05/15 10:05:56 | 000,218,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\drivers\dxgmms1.sys
[2013/05/10 08:45:02 | 000,000,000 | ---D | C] -- G:\Windows\Minidump
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/04 14:16:45 | 000,000,004 | ---- | M] () -- G:\Users\Alex\AppData\Roaming\skype.ini
[2013/06/04 13:39:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/04 13:37:00 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 13:03:52 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 13:03:52 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 13:00:44 | 000,654,150 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013/06/04 13:00:44 | 000,616,032 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013/06/04 13:00:44 | 000,130,022 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013/06/04 13:00:44 | 000,106,412 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013/06/04 12:56:36 | 000,001,090 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 12:56:33 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013/06/04 12:56:28 | 2616,696,832 | -HS- | M] () -- G:\hiberfil.sys
[2013/06/04 11:22:44 | 000,428,088 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2013/05/29 02:43:55 | 000,002,133 | ---- | M] () -- G:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/14 16:39:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 16:39:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/10 08:45:00 | 264,638,873 | ---- | M] () -- G:\Windows\MEMORY.DMP
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/04 11:40:57 | 000,000,004 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\skype.ini
[2013/05/10 08:45:00 | 264,638,873 | ---- | C] () -- G:\Windows\MEMORY.DMP
[2012/09/03 03:57:26 | 000,000,742 | ---- | C] () -- G:\Windows\wiso.ini
[2012/01/11 10:14:37 | 000,059,904 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\skype.dat
[2011/07/01 19:24:29 | 000,252,928 | ---- | C] () -- G:\Windows\System32\DShowRdpFilter.dll
[2010/07/25 15:56:34 | 000,775,101 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\mdbu.bin
[2010/07/24 05:09:44 | 000,000,400 | ---- | C] () -- G:\Windows\ODBC.INI
[2010/04/29 04:23:33 | 000,002,023 | ---- | C] () -- G:\Windows\System32\atipblag.dat
[2010/04/29 04:23:32 | 000,202,234 | ---- | C] () -- G:\Windows\System32\atiicdxx.dat
[2010/02/04 06:45:35 | 000,120,200 | ---- | C] () -- G:\Windows\System32\DLLDEV32i.dll
[2010/02/04 06:16:49 | 000,072,017 | ---- | C] () -- G:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/01/26 11:35:17 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2010/01/26 11:04:43 | 000,000,017 | ---- | C] () -- G:\Windows\System32\drivers\VERSION.DAT
[2010/01/26 10:48:27 | 000,073,728 | ---- | C] () -- G:\Windows\System32\RtNicProp32.dll
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- G:\Windows\System32\OGACheckControl.DLL
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- G:\Windows\System32\OGAEXEC.exe
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,428,088 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- G:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2009/02/18 14:55:20 | 000,294,912 | ---- | C] () -- G:\Windows\System32\ATIODE.exe
[2009/02/03 17:52:02 | 000,045,056 | ---- | C] () -- G:\Windows\System32\ATIODCLI.exe
[2006/04/21 04:08:22 | 000,253,952 | ---- | C] () -- G:\Windows\System32\HtmlHelp.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- G:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/02/04 06:47:06 | 000,000,000 | ---D | M] -- G:\ProgramData\ALDI Sued Foto Service
[2010/02/04 06:48:41 | 000,000,000 | ---D | M] -- G:\ProgramData\Aldi Sued Fotoservice
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2010/08/25 06:29:57 | 000,000,000 | ---D | M] -- G:\ProgramData\BTrieve
[2013/02/07 06:09:29 | 000,000,000 | ---D | M] -- G:\ProgramData\Buhl Data Service GmbH
[2010/11/07 10:01:11 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonBJ
[2010/11/07 10:12:16 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonEPP
[2010/11/07 10:12:16 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJEPPEX2
[2010/11/07 10:09:01 | 000,000,000 | ---D | M] -- G:\ProgramData\CanonIJMSetup
[2010/11/07 10:12:05 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJMyPrinter
[2010/11/09 12:14:22 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJScan
[2010/11/07 10:12:19 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJSolutionMenuEX
[2010/11/07 10:08:55 | 000,000,000 | ---D | M] -- G:\ProgramData\CanonIJWSpt
[2012/10/28 04:14:09 | 000,000,000 | -H-D | M] -- G:\ProgramData\Common Files
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2011/04/03 13:01:27 | 000,000,000 | ---D | M] -- G:\ProgramData\kGi31001fKlOh31001
[2010/08/25 06:32:42 | 000,000,000 | ---D | M] -- G:\ProgramData\Lexware
[2010/02/04 06:46:47 | 000,000,000 | ---D | M] -- G:\ProgramData\MAGIX
[2012/11/17 05:08:22 | 000,000,000 | ---D | M] -- G:\ProgramData\Magix Shared
[2012/12/05 18:20:06 | 000,000,000 | ---D | M] -- G:\ProgramData\Nexon
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2011/04/03 13:12:34 | 000,000,000 | ---D | M] -- G:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2012/10/28 04:14:22 | 000,000,000 | ---D | M] -- G:\ProgramData\TuneUp Software
[2012/02/24 04:21:01 | 000,000,000 | ---D | M] -- G:\ProgramData\UUdb
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2013/01/19 15:27:07 | 000,000,000 | ---D | M] -- G:\ProgramData\Zylom
[2012/10/28 04:14:09 | 000,000,000 | -HSD | M] -- G:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/22 09:00:46 | 000,032,640 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/07/24 04:44:32 | 000,000,000 | -HSD | M] -- G:\$RECYCLE.BIN
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Dokumente und Einstellungen
[2013/02/20 14:49:35 | 000,000,000 | ---D | M] -- G:\Download
[2011/08/20 09:48:13 | 000,000,000 | ---D | M] -- G:\Firefox
[2012/12/05 14:27:20 | 000,000,000 | ---D | M] -- G:\Games
[2010/01/28 09:03:33 | 000,000,000 | RH-D | M] -- G:\MSOCache
[2010/10/07 16:22:01 | 000,000,000 | ---D | M] -- G:\Nexon
[2013/05/04 06:32:29 | 000,000,000 | R--D | M] -- G:\Program Files
[2013/02/16 02:48:03 | 000,000,000 | -H-D | M] -- G:\ProgramData
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Programme
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Recovery
[2013/06/02 19:06:17 | 000,000,000 | -HSD | M] -- G:\System Volume Information
[2010/07/24 04:44:13 | 000,000,000 | R--D | M] -- G:\Users
[2013/05/10 08:45:02 | 000,000,000 | ---D | M] -- G:\Windows
[2012/03/08 17:48:47 | 000,000,000 | ---D | M] -- G:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF}
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 10:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 10:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/15 20:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/15 20:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- G:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- G:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- G:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- G:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- G:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- G:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- G:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- G:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- G:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\shell32.dll
[1 G:\Windows\system32\*.tmp files -> G:\Windows\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> G:\ProgramData\Temp:DFC5A2B2
< End of report >
         
--- --- ---

Now once more, and hopefully correct this time

Code:
OTL logfile created on: 6/4/2013 9:49:54 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 100.00 Mb Total Space | 75.88 Mb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive G: | 910.41 Gb Total Space | 829.83 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
Drive H: | 20.00 Gb Total Space | 11.15 Gb Free Space | 55.77% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/14 16:39:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/30 15:13:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- G:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- G:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- G:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- G:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/28 18:01:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 18:03:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/29 09:44:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/06 22:12:04 | 000,172,032 | ---- | M] (AMD) [Auto] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/03 09:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto] -- G:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 05:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- G:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/07/24 06:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- G:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2011/06/28 18:01:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:01:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/06 22:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/04/06 21:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/03/09 06:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/12/21 20:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/10/13 11:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/09/22 09:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/13 11:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/07/07 17:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- G:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/05 05:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- G:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE - HKU\Alex_ON_G\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Alex_ON_G\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_G\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: G:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: G:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: G:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: G:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: G:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - G:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - G:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - G:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - G:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - G:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - G:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKU\Alex_ON_G\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] G:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] G:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LexwareInfoService] G:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] G:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] G:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKU\Alex_ON_G..\Run: [KPeerNexonEU] G:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\Alex_ON_G..\Run: [NexonEULauncher]  File not found
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: G:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Alex_ON_G Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Alex_ON_G Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - G:\Users\Alex\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 16:33:19 | 002,877,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2013/05/15 16:33:19 | 002,706,432 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtml.tlb
[2013/05/15 16:33:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript.dll
[2013/05/15 16:33:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013/05/15 16:33:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesetup.dll
[2013/05/15 16:33:18 | 000,039,424 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jsproxy.dll
[2013/05/15 16:33:17 | 000,493,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeeds.dll
[2013/05/15 16:33:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesysprep.dll
[2013/05/15 16:33:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 16:33:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ie4uinit.exe
[2013/05/15 16:33:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iernonce.dll
[2013/05/15 10:06:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\authui.dll
[2013/05/15 10:06:27 | 000,101,720 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\consent.exe
[2013/05/15 10:06:20 | 002,347,520 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2013/05/15 10:06:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wwanprotdim.dll
[2013/05/15 10:05:56 | 000,218,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\drivers\dxgmms1.sys
[2013/05/10 08:45:02 | 000,000,000 | ---D | C] -- G:\Windows\Minidump
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/04 14:16:45 | 000,000,004 | ---- | M] () -- G:\Users\Alex\AppData\Roaming\skype.ini
[2013/06/04 13:39:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/04 13:37:00 | 000,001,094 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 13:03:52 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 13:03:52 | 000,010,096 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 13:00:44 | 000,654,150 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013/06/04 13:00:44 | 000,616,032 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013/06/04 13:00:44 | 000,130,022 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013/06/04 13:00:44 | 000,106,412 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013/06/04 12:56:36 | 000,001,090 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 12:56:33 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013/06/04 12:56:28 | 2616,696,832 | -HS- | M] () -- G:\hiberfil.sys
[2013/06/04 11:22:44 | 000,428,088 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2013/05/29 02:43:55 | 000,002,133 | ---- | M] () -- G:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/14 16:39:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 16:39:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/10 08:45:00 | 264,638,873 | ---- | M] () -- G:\Windows\MEMORY.DMP
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/04 11:40:57 | 000,000,004 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\skype.ini
[2013/05/10 08:45:00 | 264,638,873 | ---- | C] () -- G:\Windows\MEMORY.DMP
[2012/09/03 03:57:26 | 000,000,742 | ---- | C] () -- G:\Windows\wiso.ini
[2012/01/11 10:14:37 | 000,059,904 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\skype.dat
[2011/07/01 19:24:29 | 000,252,928 | ---- | C] () -- G:\Windows\System32\DShowRdpFilter.dll
[2010/07/25 15:56:34 | 000,775,101 | ---- | C] () -- G:\Users\Alex\AppData\Roaming\mdbu.bin
[2010/07/24 05:09:44 | 000,000,400 | ---- | C] () -- G:\Windows\ODBC.INI
[2010/04/29 04:23:33 | 000,002,023 | ---- | C] () -- G:\Windows\System32\atipblag.dat
[2010/04/29 04:23:32 | 000,202,234 | ---- | C] () -- G:\Windows\System32\atiicdxx.dat
[2010/02/04 06:45:35 | 000,120,200 | ---- | C] () -- G:\Windows\System32\DLLDEV32i.dll
[2010/02/04 06:16:49 | 000,072,017 | ---- | C] () -- G:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/01/26 11:35:17 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2010/01/26 11:04:43 | 000,000,017 | ---- | C] () -- G:\Windows\System32\drivers\VERSION.DAT
[2010/01/26 10:48:27 | 000,073,728 | ---- | C] () -- G:\Windows\System32\RtNicProp32.dll
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- G:\Windows\System32\OGACheckControl.DLL
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- G:\Windows\System32\OGAEXEC.exe
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,428,088 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- G:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2009/02/18 14:55:20 | 000,294,912 | ---- | C] () -- G:\Windows\System32\ATIODE.exe
[2009/02/03 17:52:02 | 000,045,056 | ---- | C] () -- G:\Windows\System32\ATIODCLI.exe
[2006/04/21 04:08:22 | 000,253,952 | ---- | C] () -- G:\Windows\System32\HtmlHelp.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- G:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/02/04 06:47:06 | 000,000,000 | ---D | M] -- G:\ProgramData\ALDI Sued Foto Service
[2010/02/04 06:48:41 | 000,000,000 | ---D | M] -- G:\ProgramData\Aldi Sued Fotoservice
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2010/08/25 06:29:57 | 000,000,000 | ---D | M] -- G:\ProgramData\BTrieve
[2013/02/07 06:09:29 | 000,000,000 | ---D | M] -- G:\ProgramData\Buhl Data Service GmbH
[2010/11/07 10:01:11 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonBJ
[2010/11/07 10:12:16 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonEPP
[2010/11/07 10:12:16 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJEPPEX2
[2010/11/07 10:09:01 | 000,000,000 | ---D | M] -- G:\ProgramData\CanonIJMSetup
[2010/11/07 10:12:05 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJMyPrinter
[2010/11/09 12:14:22 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJScan
[2010/11/07 10:12:19 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonIJSolutionMenuEX
[2010/11/07 10:08:55 | 000,000,000 | ---D | M] -- G:\ProgramData\CanonIJWSpt
[2012/10/28 04:14:09 | 000,000,000 | -H-D | M] -- G:\ProgramData\Common Files
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2011/04/03 13:01:27 | 000,000,000 | ---D | M] -- G:\ProgramData\kGi31001fKlOh31001
[2010/08/25 06:32:42 | 000,000,000 | ---D | M] -- G:\ProgramData\Lexware
[2010/02/04 06:46:47 | 000,000,000 | ---D | M] -- G:\ProgramData\MAGIX
[2012/11/17 05:08:22 | 000,000,000 | ---D | M] -- G:\ProgramData\Magix Shared
[2012/12/05 18:20:06 | 000,000,000 | ---D | M] -- G:\ProgramData\Nexon
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2011/04/03 13:12:34 | 000,000,000 | ---D | M] -- G:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2012/10/28 04:14:22 | 000,000,000 | ---D | M] -- G:\ProgramData\TuneUp Software
[2012/02/24 04:21:01 | 000,000,000 | ---D | M] -- G:\ProgramData\UUdb
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2013/01/19 15:27:07 | 000,000,000 | ---D | M] -- G:\ProgramData\Zylom
[2012/10/28 04:14:09 | 000,000,000 | -HSD | M] -- G:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/22 09:00:46 | 000,032,640 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/07/24 04:44:32 | 000,000,000 | -HSD | M] -- G:\$RECYCLE.BIN
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Dokumente und Einstellungen
[2013/02/20 14:49:35 | 000,000,000 | ---D | M] -- G:\Download
[2011/08/20 09:48:13 | 000,000,000 | ---D | M] -- G:\Firefox
[2012/12/05 14:27:20 | 000,000,000 | ---D | M] -- G:\Games
[2010/01/28 09:03:33 | 000,000,000 | RH-D | M] -- G:\MSOCache
[2010/10/07 16:22:01 | 000,000,000 | ---D | M] -- G:\Nexon
[2013/05/04 06:32:29 | 000,000,000 | R--D | M] -- G:\Program Files
[2013/02/16 02:48:03 | 000,000,000 | -H-D | M] -- G:\ProgramData
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Programme
[2010/07/24 04:43:07 | 000,000,000 | -HSD | M] -- G:\Recovery
[2013/06/02 19:06:17 | 000,000,000 | -HSD | M] -- G:\System Volume Information
[2010/07/24 04:44:13 | 000,000,000 | R--D | M] -- G:\Users
[2013/05/10 08:45:02 | 000,000,000 | ---D | M] -- G:\Windows
[2012/03/08 17:48:47 | 000,000,000 | ---D | M] -- G:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF}
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- G:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- G:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 10:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 10:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/15 20:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/15 20:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- G:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- G:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- G:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- G:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- G:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- G:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- G:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- G:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- G:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- G:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- G:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- G:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- G:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- G:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 13:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- G:\Users\Alex\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- G:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\system32\shell32.dll
[1 G:\Windows\system32\*.tmp files -> G:\Windows\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> G:\ProgramData\Temp:DFC5A2B2
< End of report >
         
Unfortunately, I can't find a second file.


05.06.2013, 12:11   #6
markusg
/// Malware-holic



On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
ATTFilter
:OTL
O20 - HKU\Alex_ON_G Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - G:\Users\Alex\AppData\Roaming\skype.dat ()
[2013/06/04 14:16:45 | 000,000,004 | ---- | M] () -- G:\Users\Alex\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment in this thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL, and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance.

05.06.2013, 13:26   #7
pyr-anja

I made the Movedfiles.zip with the 7-Zip File Manager, because it didn't work with Send to. Compressed (zipped) folder did not appear there. I hope that was OK. The upload went without problems. But the PC did not restart. I hope I wasn't supposed to do that manually, because I didn't.

05.06.2013, 13:27   #8
markusg
/// Malware-holic

Then restart manually.
When you get back into normal mode:
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

05.06.2013, 13:55   #9
pyr-anja

OK, here is the log file

Code:
16:48:08.0621 6016  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:48:08.0746 6016  ============================================================
16:48:08.0746 6016  Current date / time: 2013/06/05 16:48:08.0746
16:48:08.0747 6016  SystemInfo:
16:48:08.0747 6016  
16:48:08.0747 6016  OS Version: 6.1.7601 ServicePack: 1.0
16:48:08.0747 6016  Product type: Workstation
16:48:08.0747 6016  ComputerName: ALEX-PC
16:48:08.0747 6016  UserName: Alex
16:48:08.0747 6016  Windows directory: C:\Windows
16:48:08.0747 6016  System windows directory: C:\Windows
16:48:08.0748 6016  Processor architecture: Intel x86
16:48:08.0748 6016  Number of processors: 4
16:48:08.0748 6016  Page size: 0x1000
16:48:08.0748 6016  Boot type: Normal boot
16:48:08.0748 6016  ============================================================
16:48:09.0579 6016  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
16:48:09.0596 6016  ============================================================
16:48:09.0596 6016  \Device\Harddisk0\DR0:
16:48:09.0596 6016  MBR partitions:
16:48:09.0596 6016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:48:09.0596 6016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3800
16:48:09.0597 6016  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D06000, BlocksNum 0x2800000
16:48:09.0597 6016  ============================================================
16:48:09.0620 6016  C: <-> \Device\Harddisk0\DR0\Partition2
16:48:09.0663 6016  D: <-> \Device\Harddisk0\DR0\Partition3
16:48:09.0664 6016  ============================================================
16:48:09.0664 6016  Initialize success
16:48:09.0664 6016  ============================================================
16:48:49.0152 6140  ============================================================
16:48:49.0152 6140  Scan started
16:48:49.0153 6140  Mode: Manual; SigCheck; TDLFS; 
16:48:49.0153 6140  ============================================================
16:48:50.0434 6140  ================ Scan system memory ========================
16:48:50.0434 6140  System memory - ok
16:48:50.0434 6140  ================ Scan services =============================
16:48:50.0585 6140  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:48:50.0733 6140  1394ohci - ok
16:48:50.0785 6140  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:48:50.0813 6140  ACPI - ok
16:48:50.0868 6140  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:48:50.0952 6140  AcpiPmi - ok
16:48:51.0028 6140  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:51.0087 6140  AdobeFlashPlayerUpdateSvc - ok
16:48:51.0121 6140  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:48:51.0152 6140  adp94xx - ok
16:48:51.0177 6140  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:48:51.0198 6140  adpahci - ok
16:48:51.0219 6140  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:48:51.0236 6140  adpu320 - ok
16:48:51.0254 6140  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:48:51.0352 6140  AeLookupSvc - ok
16:48:51.0401 6140  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:48:51.0463 6140  AFD - ok
16:48:51.0490 6140  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:48:51.0529 6140  agp440 - ok
16:48:51.0540 6140  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:48:51.0567 6140  aic78xx - ok
16:48:51.0609 6140  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:48:51.0666 6140  ALG - ok
16:48:51.0687 6140  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:48:51.0709 6140  aliide - ok
16:48:51.0742 6140  [ 8570625CA5DBD8083BEA7CB73065B53D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:48:51.0803 6140  AMD External Events Utility - ok
16:48:51.0831 6140  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:48:51.0872 6140  amdagp - ok
16:48:51.0887 6140  [ 211FCE336502911EC03FC15A91344C98 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:48:51.0912 6140  amdide - ok
16:48:51.0930 6140  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:48:51.0951 6140  AmdK8 - ok
16:48:52.0064 6140  [ C22BDFCBED2596692096F85A9BF54358 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:48:52.0364 6140  amdkmdag - ok
16:48:52.0392 6140  [ CC6A16CE23DBC94A59F8E821558D5754 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:48:52.0422 6140  amdkmdap - ok
16:48:52.0440 6140  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:48:52.0473 6140  AmdPPM - ok
16:48:52.0492 6140  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
16:48:52.0510 6140  amdsata - ok
16:48:52.0526 6140  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:48:52.0548 6140  amdsbs - ok
16:48:52.0568 6140  [ E27866684780606BCCE640A57937D88A ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
16:48:52.0584 6140  amdxata - ok
16:48:52.0675 6140  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:48:52.0718 6140  AntiVirSchedulerService - ok
16:48:52.0756 6140  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:48:52.0769 6140  AntiVirService - ok
16:48:52.0801 6140  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:48:52.0918 6140  AppID - ok
16:48:52.0950 6140  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:48:53.0008 6140  AppIDSvc - ok
16:48:53.0035 6140  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
16:48:53.0091 6140  Appinfo - ok
16:48:53.0121 6140  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:48:53.0165 6140  arc - ok
16:48:53.0184 6140  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:48:53.0206 6140  arcsas - ok
16:48:53.0226 6140  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:53.0337 6140  AsyncMac - ok
16:48:53.0373 6140  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:48:53.0386 6140  atapi - ok
16:48:53.0471 6140  [ C822C615B2F693EF4E5B355432976A81 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:48:53.0532 6140  AtiHdmiService - ok
16:48:53.0560 6140  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
16:48:53.0575 6140  AtiPcie - ok
16:48:53.0606 6140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:48:53.0662 6140  AudioEndpointBuilder - ok
16:48:53.0670 6140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:48:53.0693 6140  Audiosrv - ok
16:48:53.0736 6140  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:48:53.0750 6140  avgntflt - ok
16:48:53.0769 6140  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:48:53.0786 6140  avipbb - ok
16:48:53.0818 6140  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:48:53.0940 6140  AxInstSV - ok
16:48:53.0980 6140  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:48:54.0070 6140  b06bdrv - ok
16:48:54.0084 6140  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:48:54.0111 6140  b57nd60x - ok
16:48:54.0180 6140  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:48:54.0230 6140  BBSvc - ok
16:48:54.0255 6140  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:48:54.0271 6140  BBUpdate - ok
16:48:54.0287 6140  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:48:54.0323 6140  BDESVC - ok
16:48:54.0345 6140  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:48:54.0377 6140  Beep - ok
16:48:54.0421 6140  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:48:54.0459 6140  BFE - ok
16:48:54.0491 6140  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:48:54.0545 6140  BITS - ok
16:48:54.0565 6140  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:54.0589 6140  blbdrive - ok
16:48:54.0619 6140  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:48:54.0700 6140  bowser - ok
16:48:54.0717 6140  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:48:54.0755 6140  BrFiltLo - ok
16:48:54.0771 6140  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:48:54.0833 6140  BrFiltUp - ok
16:48:54.0869 6140  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:48:54.0945 6140  Browser - ok
16:48:54.0964 6140  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:48:55.0027 6140  Brserid - ok
16:48:55.0044 6140  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:55.0081 6140  BrSerWdm - ok
16:48:55.0102 6140  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:55.0138 6140  BrUsbMdm - ok
16:48:55.0159 6140  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:55.0191 6140  BrUsbSer - ok
16:48:55.0210 6140  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:48:55.0237 6140  BTHMODEM - ok
16:48:55.0256 6140  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:48:55.0284 6140  bthserv - ok
16:48:55.0304 6140  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:48:55.0331 6140  cdfs - ok
16:48:55.0365 6140  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:48:55.0427 6140  cdrom - ok
16:48:55.0475 6140  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:48:55.0530 6140  CertPropSvc - ok
16:48:55.0536 6140  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:48:55.0554 6140  circlass - ok
16:48:55.0573 6140  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:48:55.0592 6140  CLFS - ok
16:48:55.0643 6140  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:55.0687 6140  clr_optimization_v2.0.50727_32 - ok
16:48:55.0764 6140  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:55.0811 6140  clr_optimization_v4.0.30319_32 - ok
16:48:55.0828 6140  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:48:55.0883 6140  CmBatt - ok
16:48:55.0899 6140  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:48:55.0922 6140  cmdide - ok
16:48:55.0965 6140  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:48:56.0020 6140  CNG - ok
16:48:56.0036 6140  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:48:56.0099 6140  Compbatt - ok
16:48:56.0146 6140  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:48:56.0204 6140  CompositeBus - ok
16:48:56.0220 6140  COMSysApp - ok
16:48:56.0234 6140  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:48:56.0252 6140  crcdisk - ok
16:48:56.0295 6140  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:48:56.0380 6140  CryptSvc - ok
16:48:56.0422 6140  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:48:56.0479 6140  DcomLaunch - ok
16:48:56.0510 6140  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:48:56.0582 6140  defragsvc - ok
16:48:56.0621 6140  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:48:56.0752 6140  DfsC - ok
16:48:56.0770 6140  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:48:56.0813 6140  Dhcp - ok
16:48:56.0831 6140  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:48:56.0863 6140  discache - ok
16:48:56.0888 6140  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:48:56.0905 6140  Disk - ok
16:48:56.0932 6140  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:48:56.0978 6140  Dnscache - ok
16:48:57.0004 6140  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:48:57.0050 6140  dot3svc - ok
16:48:57.0068 6140  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:48:57.0103 6140  DPS - ok
16:48:57.0132 6140  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:48:57.0174 6140  drmkaud - ok
16:48:57.0281 6140  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:48:57.0379 6140  DXGKrnl - ok
16:48:57.0407 6140  EagleNT - ok
16:48:57.0420 6140  EagleXNt - ok
16:48:57.0449 6140  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:48:57.0482 6140  EapHost - ok
16:48:57.0581 6140  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:48:57.0742 6140  ebdrv - ok
16:48:57.0771 6140  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:48:57.0844 6140  EFS - ok
16:48:57.0906 6140  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:48:57.0991 6140  ehRecvr - ok
16:48:58.0012 6140  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:48:58.0080 6140  ehSched - ok
16:48:58.0117 6140  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:48:58.0157 6140  elxstor - ok
16:48:58.0182 6140  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:48:58.0239 6140  ErrDev - ok
16:48:58.0272 6140  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:48:58.0311 6140  EventSystem - ok
16:48:58.0351 6140  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:48:58.0429 6140  exfat - ok
16:48:58.0453 6140  Fabs - ok
16:48:58.0459 6140  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:48:58.0488 6140  fastfat - ok
16:48:58.0542 6140  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:48:58.0606 6140  Fax - ok
16:48:58.0624 6140  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:48:58.0659 6140  fdc - ok
16:48:58.0695 6140  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:48:58.0750 6140  fdPHost - ok
16:48:58.0783 6140  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:48:58.0838 6140  FDResPub - ok
16:48:58.0853 6140  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:48:58.0868 6140  FileInfo - ok
16:48:58.0878 6140  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:48:58.0904 6140  Filetrace - ok
16:48:58.0963 6140  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:48:59.0111 6140  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:48:59.0111 6140  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:48:59.0141 6140  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:59.0200 6140  flpydisk - ok
16:48:59.0233 6140  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:48:59.0282 6140  FltMgr - ok
16:48:59.0371 6140  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
16:48:59.0460 6140  FontCache - ok
16:48:59.0500 6140  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:48:59.0532 6140  FontCache3.0.0.0 - ok
16:48:59.0544 6140  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:48:59.0569 6140  FsDepends - ok
16:48:59.0595 6140  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:48:59.0618 6140  Fs_Rec - ok
16:48:59.0656 6140  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:48:59.0681 6140  fvevol - ok
16:48:59.0707 6140  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:59.0722 6140  gagp30kx - ok
16:48:59.0766 6140  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:48:59.0817 6140  gpsvc - ok
16:48:59.0971 6140  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:48:59.0997 6140  gupdate - ok
16:49:00.0006 6140  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:49:00.0023 6140  gupdatem - ok
16:49:00.0047 6140  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:49:00.0069 6140  gusvc - ok
16:49:00.0091 6140  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:49:00.0168 6140  hcw85cir - ok
16:49:00.0196 6140  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:49:00.0255 6140  HdAudAddService - ok
16:49:00.0280 6140  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:49:00.0310 6140  HDAudBus - ok
16:49:00.0328 6140  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:49:00.0364 6140  HidBatt - ok
16:49:00.0381 6140  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:49:00.0420 6140  HidBth - ok
16:49:00.0462 6140  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:49:00.0503 6140  HidIr - ok
16:49:00.0539 6140  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:49:00.0587 6140  hidserv - ok
16:49:00.0613 6140  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:49:00.0645 6140  HidUsb - ok
16:49:00.0678 6140  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:49:00.0727 6140  hkmsvc - ok
16:49:00.0762 6140  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:49:00.0855 6140  HomeGroupListener - ok
16:49:00.0909 6140  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:49:00.0970 6140  HomeGroupProvider - ok
16:49:01.0035 6140  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:49:01.0086 6140  HpSAMD - ok
16:49:01.0183 6140  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:49:01.0238 6140  HTTP - ok
16:49:01.0273 6140  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:49:01.0298 6140  hwpolicy - ok
16:49:01.0337 6140  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:49:01.0374 6140  i8042prt - ok
16:49:01.0403 6140  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:49:01.0434 6140  iaStorV - ok
16:49:01.0495 6140  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:49:01.0623 6140  idsvc - ok
16:49:01.0661 6140  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:49:01.0696 6140  iirsp - ok
16:49:01.0760 6140  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:49:01.0818 6140  IKEEXT - ok
16:49:01.0915 6140  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:49:02.0078 6140  IntcAzAudAddService - ok
16:49:02.0120 6140  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:49:02.0158 6140  intelide - ok
16:49:02.0189 6140  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:49:02.0243 6140  intelppm - ok
16:49:02.0269 6140  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:49:02.0327 6140  IPBusEnum - ok
16:49:02.0370 6140  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:49:02.0660 6140  IpFilterDriver - ok
16:49:02.0711 6140  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:49:02.0819 6140  iphlpsvc - ok
16:49:02.0829 6140  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:49:02.0866 6140  IPMIDRV - ok
16:49:02.0872 6140  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:49:02.0925 6140  IPNAT - ok
16:49:02.0944 6140  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:49:02.0974 6140  IRENUM - ok
16:49:02.0983 6140  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:49:02.0999 6140  isapnp - ok
16:49:03.0014 6140  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:49:03.0036 6140  iScsiPrt - ok
16:49:03.0051 6140  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:49:03.0066 6140  kbdclass - ok
16:49:03.0097 6140  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:49:03.0124 6140  kbdhid - ok
16:49:03.0140 6140  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:49:03.0150 6140  KeyIso - ok
16:49:03.0175 6140  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:49:03.0191 6140  KSecDD - ok
16:49:03.0227 6140  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:49:03.0265 6140  KSecPkg - ok
16:49:03.0297 6140  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:49:03.0355 6140  KtmRm - ok
16:49:03.0376 6140  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:49:03.0418 6140  LanmanServer - ok
16:49:03.0430 6140  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:49:03.0470 6140  LanmanWorkstation - ok
16:49:03.0499 6140  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:49:03.0531 6140  lltdio - ok
16:49:03.0545 6140  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:49:03.0586 6140  lltdsvc - ok
16:49:03.0602 6140  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:49:03.0660 6140  lmhosts - ok
16:49:03.0684 6140  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:49:03.0701 6140  LSI_FC - ok
16:49:03.0716 6140  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:49:03.0733 6140  LSI_SAS - ok
16:49:03.0753 6140  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:49:03.0768 6140  LSI_SAS2 - ok
16:49:03.0777 6140  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:49:03.0793 6140  LSI_SCSI - ok
16:49:03.0808 6140  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:49:03.0830 6140  luafv - ok
16:49:03.0914 6140  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
16:49:03.0962 6140  McComponentHostService - ok
16:49:04.0017 6140  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:49:04.0077 6140  Mcx2Svc - ok
16:49:04.0100 6140  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:49:04.0124 6140  megasas - ok
16:49:04.0150 6140  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:49:04.0182 6140  MegaSR - ok
16:49:04.0237 6140  [ 6F4D79EA861137EF2F9078E265C2AA83 ] Mkd2kfNt        C:\Windows\system32\drivers\Mkd2kfNt.sys
16:49:04.0291 6140  Mkd2kfNt ( UnsignedFile.Multi.Generic ) - warning
16:49:04.0291 6140  Mkd2kfNt - detected UnsignedFile.Multi.Generic (1)
16:49:04.0317 6140  [ FE7925784F6801E983B41EC118EF62AC ] Mkd2Nadr        C:\Windows\system32\drivers\Mkd2Nadr.sys
16:49:04.0352 6140  Mkd2Nadr ( UnsignedFile.Multi.Generic ) - warning
16:49:04.0352 6140  Mkd2Nadr - detected UnsignedFile.Multi.Generic (1)
16:49:04.0372 6140  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:49:04.0438 6140  MMCSS - ok
16:49:04.0459 6140  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:49:04.0491 6140  Modem - ok
16:49:04.0502 6140  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:49:04.0528 6140  monitor - ok
16:49:04.0548 6140  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:49:04.0563 6140  mouclass - ok
16:49:04.0575 6140  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:49:04.0602 6140  mouhid - ok
16:49:04.0621 6140  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:49:04.0631 6140  mountmgr - ok
16:49:04.0648 6140  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:49:04.0678 6140  mpio - ok
16:49:04.0697 6140  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:49:04.0732 6140  mpsdrv - ok
16:49:04.0799 6140  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:49:04.0866 6140  MpsSvc - ok
16:49:20.0779 6140  ================ Scan global ===============================
16:49:20.0812 6140  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:49:20.0873 6140  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:49:20.0891 6140  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:49:20.0904 6140  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:49:20.0926 6140  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:49:20.0940 6140  [Global] - ok
16:49:20.0940 6140  ================ Scan MBR ==================================
16:49:20.0968 6140  [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
16:49:23.0612 6140  \Device\Harddisk0\DR0 - ok
16:49:23.0612 6140  ================ Scan VBR ==================================
16:49:23.0638 6140  [ 736BCE823272F01328C32FAD040874C1 ] \Device\Harddisk0\DR0\Partition1
16:49:23.0651 6140  \Device\Harddisk0\DR0\Partition1 - ok
16:49:23.0659 6140  [ 28687DDE994E35F7E632FE8235072F8A ] \Device\Harddisk0\DR0\Partition2
16:49:23.0700 6140  \Device\Harddisk0\DR0\Partition2 - ok
16:49:23.0733 6140  [ 5E9BFD3B95DE08ABC9A60853DAEDFCA3 ] \Device\Harddisk0\DR0\Partition3
16:49:23.0763 6140  \Device\Harddisk0\DR0\Partition3 - ok
16:49:23.0764 6140  ============================================================
16:49:23.0764 6140  Scan finished
16:49:23.0764 6140  ============================================================
16:49:23.0789 6084  Detected object count: 3
16:49:23.0789 6084  Actual detected object count: 3
16:50:21.0712 6084  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0712 6084  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:50:21.0716 6084  Mkd2kfNt ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0716 6084  Mkd2kfNt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:50:21.0719 6084  Mkd2Nadr ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0719 6084  Mkd2Nadr ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 05.06.2013, 13:58   #10
markusg
/// Malware-holic
 
Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 05.06.2013, 14:20   #11
pyr-anja
 
Here is the ComboFix.txt

Code:
ComboFix 13-06-05.01 - Alex 05.06.2013  17:04:24.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2315 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\1.bin\64auxstb.dll
c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll
c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files\TelevisionFanatic\bar\1.bin\64bprtct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64brmon.exe
c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64datact.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dlghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dyn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64feedmg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files\TelevisionFanatic\bar\1.bin\64hkstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files\TelevisionFanatic\bar\1.bin\64httpct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files\TelevisionFanatic\bar\1.bin\64ieovr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files\TelevisionFanatic\bar\1.bin\64mlbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64msg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64radio.dll
c:\program files\TelevisionFanatic\bar\1.bin\64reghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regiet.dll
c:\program files\TelevisionFanatic\bar\1.bin\64script.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64sknlcr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
c:\program files\TelevisionFanatic\bar\1.bin\64SrchMn.exe
c:\program files\TelevisionFanatic\bar\1.bin\64tpinst.dll
c:\program files\TelevisionFanatic\bar\1.bin\64uabtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
c:\program files\TelevisionFanatic\bar\1.bin\AppIntegratorStub64.dll
c:\program files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS
c:\program files\TelevisionFanatic\bar\1.bin\CREXT.DLL
c:\program files\TelevisionFanatic\bar\1.bin\CrExtP64.exe
c:\program files\TelevisionFanatic\bar\1.bin\Hpg64.dll
c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8HTML.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8RES.DLL
c:\program files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL
c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\users\Alex\AppData\Roaming\.#
c:\users\Alex\AppData\Roaming\.#\MBX@13AC@1672740.###
c:\users\Alex\AppData\Roaming\.#\MBX@13AC@1672770.###
c:\users\Alex\AppData\Roaming\.#\MBX@1B0@2F2740.###
c:\users\Alex\AppData\Roaming\.#\MBX@1B0@2F2770.###
c:\users\Alex\AppData\Roaming\.#\MBX@C1C@14A2740.###
c:\users\Alex\AppData\Roaming\.#\MBX@C1C@14A2770.###
c:\users\Alex\AppData\Roaming\.#\MBX@E54@1532740.###
c:\users\Alex\AppData\Roaming\.#\MBX@E54@1532770.###
c:\users\Alex\AppData\Roaming\PriceGong
c:\users\Alex\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Alex\AppData\Roaming\PriceGong\Data\z.xml
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TelevisionFanaticService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-05 bis 2013-06-05  ))))))))))))))))))))))))))))))
.
.
2013-06-05 19:44 . 2013-06-05 20:17	--------	d-----w-	C:\_OTL
2013-06-05 15:10 . 2013-06-05 15:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-15 14:06 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 14:06 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 14:06 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 14:06 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 14:06 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 14:06 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 14:05 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:05 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 20:39 . 2012-03-29 12:41	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 20:39 . 2011-05-17 11:23	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 04:45 . 2013-05-15 14:06	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:06	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 12:29	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 22:11 . 2013-04-04 22:11	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-04 22:11 . 2013-04-04 22:11	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-04-04 22:11 . 2013-04-04 22:11	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-04-04 22:11 . 2013-04-04 22:11	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-04-04 22:11 . 2013-04-04 22:11	158720	----a-w-	c:\windows\system32\msls31.dll
2013-04-04 22:11 . 2013-04-04 22:11	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-04-04 22:11 . 2013-04-04 22:11	138752	----a-w-	c:\windows\system32\wextract.exe
2013-04-04 22:11 . 2013-04-04 22:11	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-04 22:11 . 2013-04-04 22:11	12800	----a-w-	c:\windows\system32\mshta.exe
2013-04-04 22:11 . 2013-04-04 22:11	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-04 22:11 . 2013-04-04 22:11	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-04 22:11 . 2013-04-04 22:11	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-04 22:11 . 2013-04-04 22:11	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-04-04 22:11 . 2013-04-04 22:11	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-04 22:11 . 2013-04-04 22:11	361984	----a-w-	c:\windows\system32\html.iec
2013-04-04 22:11 . 2013-04-04 22:11	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-04 22:11 . 2013-04-04 22:11	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-03 11:14 . 2010-07-25 19:56	775101	----a-w-	c:\users\Alex\AppData\Roaming\mdbu.bin
2013-03-19 05:04 . 2013-04-10 11:55	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:55	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 11:55	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 11:55	69632	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-18 39408]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-02-20 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2010-11-24 19721728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2009-10-13 133632]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-07-13 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 06:43	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:39]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 14:06]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 14:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f81bd416-895b-43d6-8e63-b47a8f6edc27&searchtype=ds&q={searchTerms}
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.0.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-NexonEULauncher - (no file)
SafeBoot-BsScanner
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\games\Game Alarm\Updater.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-05  17:17:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-05 15:17
.
Vor Suchlauf: 10 Verzeichnis(se), 891.387.412.480 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 901.806.686.208 Bytes frei
.
- - End Of File - - E1A34A85A505BC6BF7312BDD1B4219CF
         

Alt 05.06.2013, 14:23   #12
markusg
/// Malware-holic
 
Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Alt 05.06.2013, 17:30   #13
pyr-anja
 
Here is the log file

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.05.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Alex :: ALEX-PC [Administrator]

Schutz: Deaktiviert

05.06.2013 17:29:25
mbam-log-2013-06-05 (17-29-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372815
Laufzeit: 1 Stunde(n), 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles.zip (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06052013_154402\G_Users\Alex\AppData\Roaming\skype.dat (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 05.06.2013, 18:01   #14
markusg
/// Malware-holic
 
Aloha,

download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.

Alt 05.06.2013, 18:45   #15
pyr-anja
 
Phew, I hope I'm through now. Here is the file

Code:
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	24.07.2010		10.0.45.2		notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	14.05.2013	6,00MB	11.7.700.202		notwendig
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	03.08.2011	164MB	9.4.5			notwendig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	24.07.2010		11.5.6.606			notwendig
AhnLab Online Security	AhnLab, Inc	22.07.2011								notwendig	
ALDI SÜD Mah Jong		24.07.2010									notwendig
ALDI Süd Foto Manager Free	MAGIX AG	05.05.2010		6.0.1.491				notwendig
ALDI Süd Foto Service	MAGIX AG	05.05.2010		4.5.9.140					notwendig
Aldi Süd Fotoservice		05.05.2010									notwendig
ALDI Süd Online Druck Service	MAGIX AG	05.05.2010		4.5.1.0					notwendig
Ask Toolbar	Ask.com	28.05.2013	5,11MB	1.15.25.0							unnötig
Ask Toolbar Updater	Ask.com	28.05.2013		1.2.6.44892						unnötig						
ATI Catalyst Install Manager	ATI Technologies, Inc.	29.04.2010	16,5MB	3.0.769.0			notwendig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	30.10.2012	61,7MB	10.2.0.719			notwendig
Big Pizza Ski Challenge 11		24.11.2010								unnötig
Bing Bar	Microsoft Corporation	12.10.2012	464KB	7.1.391.0					unnötig
Canon Easy-PhotoPrint EX		07.11.2010								notwendig		
Canon MG5100 series Benutzerregistrierung		07.11.2010						notwendig					
Canon MG5100 series MP Drivers		07.11.2010								notwendig
Canon MP Navigator EX 4.0		07.11.2010								notwendig		
Canon My Printer		07.11.2010									notwendig										
Canon Solution Menu EX		07.11.2010									notwendig	
CCleaner	Piriform	24.05.2013		4.02							notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	178MB	12.0.6612.1000	notwendig
CorelDRAW Essentials 4	Corel Corporation	29.01.2010							notwendig
CorelDRAW Essentials 4 - Extra Content	Corel Corporation	29.01.2010					notwendig
CyberLink LabelPrint	CyberLink Corp.	29.04.2010	143MB	2.5.2515					notwendig
CyberLink Power2Go	CyberLink Corp.	29.04.2010	104MB	6.1.3602c					notwendig
CyberLink PowerDVD Copy	CyberLink Corp.	29.04.2010	30,7MB	1.5.1306					notwendig
DVDVideoSoftTB Toolbar	DVDVideoSoftTB	07.11.2011		6.7.0.6						unnötig
Europe MapleStory	Nexon	21.04.2011									notwendig	
Firebird SQL Server - MAGIX Edition	MAGIX AG	04.02.2010	10,0MB	2.1.23.0			unbekannt
Free YouTube to MP3 Converter version 3.12.1.320	DVDVideoSoft Ltd.	29.03.2013	76,1MB	3.12.1.320notwendig
Game Alarm		24.11.2010										unnötig
GMX Softwareaktualisierung	1&1 Mail & Media GmbH	03.08.2011		2.0.1.9				unbekannt
Google Chrome	Google Inc.	18.11.2012		27.0.1453.94						unnötig
Google Toolbar for Internet Explorer	Google Inc.	15.01.2013		7.4.3607.2246			unnötig
Java(TM) 6 Update 20	Sun Microsystems, Inc.	29.04.2010	97,2MB	6.0.200					notwendig
Konz 2012	USM	03.09.2012	273KB	1.00.0000							notwendig
Lexware Info Service	Haufe-Lexware GmbH & Co.KG	22.08.2011	12,4MB	2.70.00.0081			notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	05.06.2013	19,2MB	1.75.0.1300notwendig
McAfee Security Scan Plus	McAfee, Inc.	19.02.2013	10,2MB	3.0.318.3				unnötig
MEDION Fotos auf CD & DVD SE Sued	MAGIX AG	05.05.2010		8.0.3.4				notwendig
Medion Home Cinema	CyberLink Corp.	29.04.2010	964KB	6.0.0000					notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	04.11.2010	38,8MB	4.0.30319	notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	04.11.2010	2,93MB	4.0.30319notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	11.11.2012	7,95MB	14.0.5130.5003		notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	01.04.2012		12.0.6612.1000		notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	09.11.2012	508KB	2.0.4024.1		notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013	74,9MB	12.0.6612.1000notwendig
Microsoft Office Professional Edition 2003	Microsoft Corporation	15.05.2013	1,24GB	11.0.8173.0	notwendig
Microsoft Office Suite Activation Assistant	Microsoft Corporation	04.02.2010	8,36MB	2.9		notwendig
Microsoft Silverlight	Microsoft Corporation	14.03.2013	82,4MB	5.1.20125.0				unbekannt
Microsoft SQL Server 2005 Compact Edition [DEU]	Microsoft Corporation	26.01.2010	333KB	3.1.0000	notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	26.01.2010	1,72MB	3.1.0000	notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	26.01.2010	625KB	1.0.1215.0notwendig
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	26.01.2010	1,44MB	1.0.1215.0notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	26.01.2010	252KB	8.0.50727.4053notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.03.2012	300KB	8.0.61001	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	29.04.2010	240KB	9.0.30729notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.01.2010	596KB	9.0.30729.4148notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31.03.2012	600KB	9.0.30729.6161notwendig
Microsoft Works	Microsoft Corporation	11.10.2012	1,02GB	9.7.0621
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	04.02.2010	35,0KB	4.20.9870.0			notwendig
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	04.02.2010	1,33MB	4.20.9876.0			notwendig
PlayReady PC Runtime x86	Microsoft Corporation	24.07.2010	1,65MB	1.3.0				unbekannt
PokerStars.net	PokerStars.net	23.10.2011									notwendig		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	24.07.2010		6.0.1.6083	notwendig
Ski Challenge 12 (SRF)		29.11.2011									unnötig
Ski Challenge 13 (CH)		05.12.2012									unnötig
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	26.01.2010	64,6MB	9.0.0notwendig
Steuer 2009	Haufe-Lexware GmbH & Co. KG	29.03.2012	461MB	16.14.00.0001				notwendig
Steuer 2010	Haufe-Lexware GmbH & Co.KG	30.03.2013	534MB	17.08.00.0005				notwendig
Steuer 2011	Buhl Data Service GmbH	03.09.2012		19.00.7304					notwendig
Windows Live Essentials	Microsoft Corporation	26.01.2010		14.0.8089.0726				unbekannt
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	28.01.2010	5,51MB	6.500.3146.0		unbekannt
Windows Live Sync	Microsoft Corporation	26.01.2010	2,79MB	14.0.8089.726				unbekannt
Windows Live-Uploadtool	Microsoft Corporation	26.01.2010	224KB	14.0.8014.1029				unbekannt
         
