Pests of all kinds and how to fight them: GVU Trojan got me

28.12.2012, 15:59   #1
xQuattrox
 


Hello, unfortunately it got me a little while ago. I then ran the Quick Scan with Malwarebytes Anti-Malware.

Here is the log from it; I hope I can still be helped.

Thanks in advance.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Meier :: SAMSUNG [Administrator]

28.12.2012 15:45:39
mbam-log-2012-12-28 (15-45-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207252
Laufzeit: 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

28.12.2012, 16:00   #2
markusg
/// Malware-holic
 


Hi
If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

28.12.2012, 16:02   #3
ryder
/// TB-Ausbilder
 


-----------

Edited by ryder (28.12.2012 at 16:15). Reason: You were faster :)

28.12.2012, 20:54   #4
xQuattrox
 


Hello, so here is the log from OTL,

but I don't have an extra.txt ???

Code:
OTL logfile created on: 28.12.2012 20:20:19 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Meier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,54% Memory free
6,08 Gb Paging File | 4,64 Gb Available in Paging File | 76,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 9,78 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 45,16 Gb Free Space | 19,98% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.18 08:22:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012.07.26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012.07.19 19:31:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
PRC - [2012.06.13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012.03.19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.29 08:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
PRC - [2011.01.26 09:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2011.01.26 09:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrHis.exe
PRC - [2011.01.26 09:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2011.01.26 09:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2011.01.26 09:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrPas.exe
PRC - [2011.01.26 09:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrDba.exe
PRC - [2010.12.27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009.10.29 20:47:38 | 000,634,880 | ---- | M] (AN-Soft) -- D:\Program Files\AN QuickNote\QuickNote.exe
PRC - [2009.05.28 07:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 07:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.10 08:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.17 22:59:11 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll
MOD - [2012.11.17 22:56:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012.11.17 22:56:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.17 22:54:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.17 22:54:20 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.17 22:54:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.17 22:52:53 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.17 22:52:26 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.12.27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010.05.12 14:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Users\Meier\wgsdgsdgdsgsd.dll -- (Winmgmt)
SRV - [2012.12.12 08:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.27 08:55:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.10.26 07:07:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.29 08:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.01.26 09:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.01.26 09:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.01.26 09:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.01.26 09:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- D:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.01.26 09:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.01.26 09:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ai-port.sys -- (FTSER2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Meier\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 15:29:38 | 000,058,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.11.03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.10.06 09:53:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:25:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.30 12:41:54 | 000,008,152 | ---- | M] (TDi GmbH TechnoData - Interware) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.12.18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.05.15 14:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.02.05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.05.04 15:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 06:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.20 17:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.09 19:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 18:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.20 07:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 19:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.16 19:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.29 20:53:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Meier\AppData\Roaming\16001.009 [2012.11.10 08:53:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
 
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.20 07:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\wi3ydtaw.default\extensions
[2012.10.18 06:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MEIER\APPDATA\ROAMING\16001.009
[2012.10.27 08:55:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 06:41:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [QuickNote] D:\Program Files\AN QuickNote\QuickNote.exe (AN-Soft)
O4 - Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\VCDS-Dt\VCDS.exe (Ross-Tech, LLC)
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBC6BDF0-EF9A-4FF2-B3B7-9A15E0A0EFD3}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD775AA9-6CA8-46A6-854A-9568B8EAF484}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7126855-9BB3-4492-9373-105E0C664B65}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37E154EA-1947-5568-4854-9FEEC797BE40} - Microsoft Windows Media Player
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6159DDF7-8716-068C-F1A0-8F44B64A5F16} - Microsoft VM
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76C19B34-F0C8-11cf-87CC-0020AFEECF20} - Simp Chinese Language Pack
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9DE29844-9B78-9C06-4B36-6E81147B65CF} - Microsoft Windows Media Player 11.0
ActiveX: {9E50C71C-A4DB-3EC2-D165-60E659E87BAB} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB967CAC-0030-99DA-1F89-684B521B42FF} - 
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - C:\Users\Meier\wgsdgsdgdsgsd.dll (Корпорация Майкрософт)
 
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: FILSHtray - hkey= - key= - D:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: KTSInit - hkey= - key= -  File not found
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 14:57:12 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
[2012.12.28 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\Yahoo!
[2012.12.28 13:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.12.28 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.12.28 12:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.12.20 07:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.14 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\Meier\Desktop\Dokus Dez
[2012.12.05 06:54:50 | 000,000,000 | ---D | C] -- C:\Users\Meier\Desktop\dusche
[2 C:\Users\Meier\AppData\Roaming\*.tmp files -> C:\Users\Meier\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 20:27:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.12.28 20:18:37 | 000,157,184 | ---- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.28 20:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 19:56:43 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 19:56:43 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 17:10:53 | 104,511,491 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.12.28 15:59:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 15:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 15:52:44 | 000,000,884 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.28 15:27:45 | 000,710,504 | ---- | M] () -- C:\Windows\is-OM84U.exe
[2012.12.28 15:27:45 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 15:23:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.28 15:02:14 | 000,000,680 | ---- | M] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.28 14:57:14 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
[2012.12.26 08:17:34 | 003,751,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.26 06:38:06 | 000,893,034 | ---- | M] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.24 07:29:16 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 07:29:16 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.24 07:29:16 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 07:29:16 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 07:09:52 | 000,000,992 | ---- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.20 07:09:50 | 000,000,939 | ---- | M] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.05 06:56:24 | 000,401,668 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2 C:\Users\Meier\AppData\Roaming\*.tmp files -> C:\Users\Meier\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.28 15:27:45 | 000,710,504 | ---- | C] () -- C:\Windows\is-OM84U.exe
[2012.12.28 15:02:14 | 000,000,680 | ---- | C] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.28 14:57:14 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 14:57:14 | 000,000,884 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.28 14:57:12 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 08:22:03 | 000,893,034 | ---- | C] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.20 07:09:52 | 000,000,992 | ---- | C] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.20 07:09:50 | 000,000,939 | ---- | C] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.13 20:06:44 | 000,007,720 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\BAcroIEHelpe231.dll
[2012.11.11 20:25:54 | 000,000,011 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\urhtps.dat
[2012.11.10 08:53:54 | 000,000,016 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\blckdom.res
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.17 21:02:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.03.09 19:45:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.19 14:09:17 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.02.04 10:07:37 | 000,000,137 | -H-- | C] () -- C:\Windows\System32\crkmo.dll
[2011.10.26 07:08:48 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.11 14:59:17 | 000,000,021 | ---- | C] () -- C:\Users\Meier\AppData\Local\mc.pixel.data
[2011.10.07 11:14:40 | 000,000,037 | ---- | C] () -- C:\Windows\System32\conmansrv.ini
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\NETEDIC.INI
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\HWEDIC.INI
[2011.10.05 09:55:33 | 000,039,424 | ---- | C] () -- C:\Windows\System32\NMEVTRPT.dll
[2011.09.18 10:34:46 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.14 14:13:53 | 000,000,600 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\winscp.rnd
[2011.09.07 14:07:22 | 000,001,456 | ---- | C] () -- C:\Users\Meier\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.06 09:32:05 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.31 17:34:15 | 000,002,788 | ---- | C] () -- C:\Windows\RbSystem.ini
[2011.08.31 17:33:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\xcd73532.dll
[2011.08.31 17:33:00 | 000,012,800 | ---- | C] () -- C:\Windows\System32\PWUtility.dll
[2011.08.31 17:33:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\dtctrace.dll
[2011.08.31 17:32:49 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.08.31 17:32:45 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2011.08.31 17:32:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2011.08.31 17:27:28 | 000,000,487 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2011.08.31 06:53:45 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.08.27 15:11:42 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.06 10:53:35 | 000,134,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.30 06:07:16 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.28 06:41:12 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011.07.28 06:41:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2011.07.28 06:41:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2011.07.28 06:35:37 | 000,305,908 | ---- | C] () -- C:\Windows\ETOSU.EXE
[2011.07.28 06:32:23 | 000,000,133 | ---- | C] () -- C:\Windows\ETOSP.INI
[2011.06.22 17:11:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.21 19:54:09 | 000,157,184 | ---- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.21 09:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.21 09:14:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 19:07:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.11 11:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 11:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 11:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 10:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 10:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== LOP Check ==========
 
[2011.06.21 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\.minecraft
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\16001.009
[2012.07.15 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Autodesk
[2012.01.29 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AVG2012
[2011.08.24 10:09:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\BOM
[2011.06.11 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2011.09.01 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2011.09.18 07:27:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.23 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\CheckPoint
[2011.09.05 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.01.23 06:51:26 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Lite
[2012.12.20 07:10:59 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2012.12.20 07:09:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.13 06:36:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\FileZilla
[2011.06.03 06:59:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Giub
[2011.05.21 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2012.12.28 14:57:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2012.11.10 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\kock
[2011.09.05 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Nvu
[2012.11.21 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\OpenCandy
[2011.07.18 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2012.12.18 07:34:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2011.07.02 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Outerspace Software
[2012.02.26 08:38:51 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\picpick
[2011.05.21 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2012.05.29 06:18:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\QuickNote
[2012.08.29 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\redsn0w
[2012.11.11 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ryubyc
[2012.05.13 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Samsung
[2011.09.18 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\SlySoft
[2012.07.18 06:27:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Summitsoft
[2012.10.04 06:45:06 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\T-Online
[2011.05.20 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Thunderbird
[2011.06.03 07:07:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ubny
[2011.11.11 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Unity
[2012.03.18 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Visan
[2012.11.11 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Vuumf
[2012.11.11 14:20:01 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Wuydy
[2012.11.17 08:04:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\xmldm
[2012.12.28 15:23:22 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.03 07:02:31 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009.09.11 12:44:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.22 14:06:25 | 000,000,000 | ---D | M] -- C:\ADCDA2
[2011.05.21 10:16:37 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.31 17:35:56 | 000,000,000 | ---D | M] -- C:\Bosch_PR
[2011.08.27 15:11:18 | 000,000,000 | ---D | M] -- C:\data
[2011.07.02 15:26:23 | 000,000,000 | ---D | M] -- C:\DirectX
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.21 18:21:46 | 000,000,000 | ---D | M] -- C:\downloads
[2012.02.10 21:57:48 | 000,000,000 | ---D | M] -- C:\elearn
[2011.08.31 17:30:23 | 000,000,000 | ---D | M] -- C:\ESI
[2011.05.21 08:35:55 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.07 11:13:09 | 000,000,000 | ---D | M] -- C:\PDU-API
[2011.05.21 10:35:28 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.28 12:59:34 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.28 14:57:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.27 18:02:23 | 000,000,000 | ---D | M] -- C:\PROGRAMME
[2011.10.07 11:16:58 | 000,000,000 | ---D | M] -- C:\SIDIS
[2009.07.27 03:58:28 | 000,000,000 | ---D | M] -- C:\SoftwareMedia
[2012.12.28 09:12:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.24 18:26:04 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.11 12:27:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.10 09:08:14 | 000,000,000 | ---D | M] -- C:\VCDS-Dt
[2011.08.27 15:12:24 | 000,000,000 | ---D | M] -- C:\VW
[2012.12.28 15:57:19 | 000,000,000 | ---D | M] -- C:\Windows
[2012.07.22 06:00:27 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.10.06 09:53:14 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.28 20:20:19 | 003,407,872 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT
[2012.12.28 20:20:19 | 000,262,144 | -H-- | M] () -- C:\Users\Meier\ntuser.dat.LOG1
[2009.09.11 12:27:02 | 000,000,000 | -H-- | M] () -- C:\Users\Meier\ntuser.dat.LOG2
[2012.12.28 15:54:10 | 000,065,536 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.12.28 15:54:10 | 000,524,288 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.09.11 12:50:49 | 000,524,288 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.09.11 12:27:02 | 000,000,020 | -HS- | M] () -- C:\Users\Meier\ntuser.ini
[2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

30.12.2012, 09:47   #5
xQuattrox
 

Hello,

Somehow it has caught up with me again. After I ran the MBAM scan I could use the laptop completely normally again, but since this morning the laptop has been locked again, and this time I can't get rid of it with Malwarebytes Anti-Malware.

I hope someone has some advice.

I tried the scan with OTL again; here are the two logs.

OTL
Code:
ATTFilter
OTL logfile created on: 30.12.2012 14:01:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 82,49% Memory free
6,07 Gb Paging File | 5,77 Gb Available in Paging File | 95,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 10,67 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 51,19 Gb Free Space | 22,65% Space Free | Partition Type: NTFS
Drive H: | 7,53 Gb Total Space | 4,92 Gb Free Space | 65,36% Space Free | Partition Type: FAT32
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.30 13:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Users\Meier\wgsdgsdgdsgsd.dll -- (Winmgmt)
SRV - [2012.12.12 08:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.27 08:55:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.10.26 07:07:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.29 08:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.01.26 09:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.01.26 09:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.01.26 09:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.01.26 09:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- D:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.01.26 09:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.01.26 09:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ai-port.sys -- (FTSER2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Meier\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 15:29:38 | 000,058,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.11.03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.10.06 09:53:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:25:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.30 12:41:54 | 000,008,152 | ---- | M] (TDi GmbH TechnoData - Interware) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.12.18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.05.15 14:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.02.05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.05.04 15:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 06:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.20 17:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.09 19:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 18:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.20 07:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 19:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.16 19:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.29 20:53:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Meier\AppData\Roaming\16001.009 [2012.11.10 08:53:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
 
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.20 07:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\wi3ydtaw.default\extensions
[2012.10.18 06:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MEIER\APPDATA\ROAMING\16001.009
[2012.10.27 08:55:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 06:41:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [QuickNote] D:\Program Files\AN QuickNote\QuickNote.exe (AN-Soft)
O4 - Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\VCDS-Dt\VCDS.exe (Ross-Tech, LLC)
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC98896-78ED-4597-BA74-794DF4FD3DD7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBC6BDF0-EF9A-4FF2-B3B7-9A15E0A0EFD3}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD775AA9-6CA8-46A6-854A-9568B8EAF484}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7126855-9BB3-4492-9373-105E0C664B65}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37E154EA-1947-5568-4854-9FEEC797BE40} - Microsoft Windows Media Player
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6159DDF7-8716-068C-F1A0-8F44B64A5F16} - Microsoft VM
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76C19B34-F0C8-11cf-87CC-0020AFEECF20} - Simp Chinese Language Pack
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9DE29844-9B78-9C06-4B36-6E81147B65CF} - Microsoft Windows Media Player 11.0
ActiveX: {9E50C71C-A4DB-3EC2-D165-60E659E87BAB} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB967CAC-0030-99DA-1F89-684B521B42FF} - 
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - C:\Users\Meier\wgsdgsdgdsgsd.dll (Корпорация Майкрософт)
 
MsConfig - StartUpFolder: C:^Users^Meier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk -  - File not found
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: FILSHtray - hkey= - key= - D:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: KTSInit - hkey= - key= -  File not found
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 14:00:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2012.12.30 12:51:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.28 14:57:12 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
[2012.12.28 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\Yahoo!
[2012.12.28 13:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.12.28 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.12.28 12:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.12.20 07:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.14 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\Meier\Desktop\Dokus Dez
[2012.12.05 06:54:50 | 000,000,000 | ---D | C] -- C:\Users\Meier\Desktop\dusche
[2 C:\Users\Meier\AppData\Roaming\*.tmp files -> C:\Users\Meier\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 13:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2012.12.30 13:55:13 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.30 13:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 13:54:23 | 255,654,654 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.30 13:27:02 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:27:02 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:25:36 | 000,000,884 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.30 11:51:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.30 11:41:42 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.12.30 10:55:39 | 003,751,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.30 10:33:07 | 000,001,356 | ---- | M] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.30 09:47:40 | 104,623,776 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.12.30 09:42:40 | 000,002,892 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.30 00:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.29 16:34:28 | 000,163,840 | ---- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.28 15:27:45 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
[2012.12.26 06:38:06 | 000,893,034 | ---- | M] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.24 07:29:16 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 07:29:16 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.24 07:29:16 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 07:29:16 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 07:09:52 | 000,000,992 | ---- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.20 07:09:50 | 000,000,939 | ---- | M] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.05 06:56:24 | 000,401,668 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2 C:\Users\Meier\AppData\Roaming\*.tmp files -> C:\Users\Meier\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.30 09:42:40 | 000,000,884 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.28 15:02:14 | 000,001,356 | ---- | C] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.28 14:57:14 | 000,002,892 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 14:57:12 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 08:22:03 | 000,893,034 | ---- | C] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.20 07:09:52 | 000,000,992 | ---- | C] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.20 07:09:50 | 000,000,939 | ---- | C] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.11 20:25:54 | 000,000,011 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\urhtps.dat
[2012.11.10 08:53:54 | 000,000,016 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\blckdom.res
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.17 21:02:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.03.09 19:45:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.19 14:09:17 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.02.04 10:07:37 | 000,000,137 | -H-- | C] () -- C:\Windows\System32\crkmo.dll
[2011.10.26 07:08:48 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.11 14:59:17 | 000,000,021 | ---- | C] () -- C:\Users\Meier\AppData\Local\mc.pixel.data
[2011.10.07 11:14:40 | 000,000,037 | ---- | C] () -- C:\Windows\System32\conmansrv.ini
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\NETEDIC.INI
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\HWEDIC.INI
[2011.10.05 09:55:33 | 000,039,424 | ---- | C] () -- C:\Windows\System32\NMEVTRPT.dll
[2011.09.18 10:34:46 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.14 14:13:53 | 000,000,600 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\winscp.rnd
[2011.09.07 14:07:22 | 000,001,456 | ---- | C] () -- C:\Users\Meier\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.06 09:32:05 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.31 17:34:15 | 000,002,788 | ---- | C] () -- C:\Windows\RbSystem.ini
[2011.08.31 17:33:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\xcd73532.dll
[2011.08.31 17:33:00 | 000,012,800 | ---- | C] () -- C:\Windows\System32\PWUtility.dll
[2011.08.31 17:33:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\dtctrace.dll
[2011.08.31 17:32:49 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.08.31 17:32:45 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2011.08.31 17:32:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2011.08.31 17:27:28 | 000,000,487 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2011.08.31 06:53:45 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.08.27 15:11:42 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.06 10:53:35 | 000,134,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.30 06:07:16 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.28 06:41:12 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011.07.28 06:41:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2011.07.28 06:41:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2011.07.28 06:35:37 | 000,305,908 | ---- | C] () -- C:\Windows\ETOSU.EXE
[2011.07.28 06:32:23 | 000,000,133 | ---- | C] () -- C:\Windows\ETOSP.INI
[2011.06.22 17:11:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.21 19:54:09 | 000,163,840 | ---- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.21 09:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.21 09:14:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 19:07:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.11 11:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 11:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 11:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 10:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 10:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.21 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\.minecraft
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\16001.009
[2012.07.15 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Autodesk
[2012.01.29 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AVG2012
[2011.08.24 10:09:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\BOM
[2011.06.11 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2011.09.01 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2011.09.18 07:27:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.23 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\CheckPoint
[2011.09.05 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.01.23 06:51:26 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Lite
[2012.12.20 07:10:59 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2012.12.20 07:09:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.13 06:36:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\FileZilla
[2011.06.03 06:59:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Giub
[2011.05.21 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2012.12.30 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2012.11.10 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\kock
[2011.09.05 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Nvu
[2011.07.18 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2012.12.18 07:34:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2011.07.02 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Outerspace Software
[2012.02.26 08:38:51 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\picpick
[2011.05.21 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2012.05.29 06:18:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\QuickNote
[2012.08.29 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\redsn0w
[2012.11.11 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ryubyc
[2012.05.13 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Samsung
[2011.09.18 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\SlySoft
[2012.07.18 06:27:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Summitsoft
[2012.10.04 06:45:06 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\T-Online
[2011.05.20 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Thunderbird
[2011.06.03 07:07:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ubny
[2011.11.11 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Unity
[2012.03.18 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Visan
[2012.11.11 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Vuumf
[2012.11.11 14:20:01 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Wuydy
[2012.11.17 08:04:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.03 07:02:31 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009.09.11 12:44:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.22 14:06:25 | 000,000,000 | ---D | M] -- C:\ADCDA2
[2011.05.21 10:16:37 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.31 17:35:56 | 000,000,000 | ---D | M] -- C:\Bosch_PR
[2011.08.27 15:11:18 | 000,000,000 | ---D | M] -- C:\data
[2011.07.02 15:26:23 | 000,000,000 | ---D | M] -- C:\DirectX
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.21 18:21:46 | 000,000,000 | ---D | M] -- C:\downloads
[2012.02.10 21:57:48 | 000,000,000 | ---D | M] -- C:\elearn
[2011.08.31 17:30:23 | 000,000,000 | ---D | M] -- C:\ESI
[2011.05.21 08:35:55 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.07 11:13:09 | 000,000,000 | ---D | M] -- C:\PDU-API
[2011.05.21 10:35:28 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.28 12:59:34 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.30 13:27:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.27 18:02:23 | 000,000,000 | ---D | M] -- C:\PROGRAMME
[2011.10.07 11:16:58 | 000,000,000 | ---D | M] -- C:\SIDIS
[2009.07.27 03:58:28 | 000,000,000 | ---D | M] -- C:\SoftwareMedia
[2012.12.29 18:19:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.24 18:26:04 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.11 12:27:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.10 09:08:14 | 000,000,000 | ---D | M] -- C:\VCDS-Dt
[2011.08.27 15:12:24 | 000,000,000 | ---D | M] -- C:\VW
[2012.12.30 13:54:23 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,554 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.18 15:56:22 | 000,000,338 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job
[2012.07.30 06:08:14 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 09:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.30 14:08:32 | 003,407,872 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT
[2012.12.30 14:08:32 | 000,262,144 | -H-- | M] () -- C:\Users\Meier\ntuser.dat.LOG1
[2009.09.11 12:27:02 | 000,000,000 | -H-- | M] () -- C:\Users\Meier\ntuser.dat.LOG2
[2012.12.30 13:25:54 | 000,065,536 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.12.30 13:25:54 | 000,524,288 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.09.11 12:50:49 | 000,524,288 | -HS- | M] () -- C:\Users\Meier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.09.11 12:27:02 | 000,000,020 | -HS- | M] () -- C:\Users\Meier\ntuser.ini
[2012.12.28 14:57:12 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Meier\wgsdgsdgdsgsd.dll
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extra
Code:
OTL Extras logfile created on: 30.12.2012 14:01:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 82,49% Memory free
6,07 Gb Paging File | 5,77 Gb Available in Paging File | 95,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 10,67 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 51,19 Gb Free Space | 22,65% Space Free | Partition Type: NTFS
Drive H: | 7,53 Gb Total Space | 4,92 Gb Free Space | 65,36% Space Free | Partition Type: FAT32
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E1B2BA-4D0D-48F2-B85D-5AD2AAA03EF3}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CB755DE-C26B-478F-B93F-8B76E786987F}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{4E36276B-377B-4AE8-BDB9-2D4968309054}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5827B32A-D4D5-4A32-B9DE-0922199E086A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0116A668-DC41-4EB1-BFBA-5E03AB4AA8CD}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{07AB1545-55A9-46B7-B19C-10393B8AE2A0}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{0A926B26-529C-4B9C-B150-A911BECC60D3}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloaderd3d.exe | 
"{0D246472-438A-43B3-91AF-99E9A770B7AB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{25E3F03C-CB92-4875-8FB9-0FD684FABB4D}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloaderd3d.exe | 
"{283D0BF2-930A-46DC-86E0-8A63CDF24319}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{3248F8AC-B83B-4A41-A8D7-ACB17025AA5C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{346A2E15-B393-4292-8529-6A9D50B1B4FD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{431619C1-81ED-4303-B9AB-981E536E67B5}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{453280DF-A5FC-4F7A-9662-290409A52B60}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{4AC9CE74-C5CC-476F-96DE-F07662F9301B}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe | 
"{4D8D76BF-27D6-465D-8409-135BF49512C0}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe | 
"{52F53646-9F30-44C3-9471-702EF72C9966}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{59509E3E-2200-456D-8410-9804FEB06D80}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jduninstall.exe | 
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5CACD83E-3A37-46A7-8FA7-BFC23E48D763}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{5CFF3385-059E-4998-B695-A728B65AFCDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{5D81B13D-5200-4181-82C0-1450A7FF8798}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6E3C90D4-9768-44CA-9FD5-2C8F48F47510}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{786768D3-AD4D-4997-B6AB-93637958FDDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{97A8FEFD-B9D5-43C2-808F-756B20DFB204}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9BE008D8-1982-47D0-8852-AEE26D2D7EFC}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{A24EFF00-EB8B-4029-B721-7B7631C09632}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{A4700756-B20D-418B-9E50-53546A7F74BC}" = protocol=6 | dir=in | app=d:\program files\teamviewer\version6\teamviewer.exe | 
"{A9248B2E-15F4-4C21-B757-1EDF44B99648}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jduninstall.exe | 
"{AB715771-8811-4EE6-A930-A6BB1241AC3F}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdupdate.exe | 
"{B86B662B-8A70-4D07-A5E6-8D81F9B4A165}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{C06062E2-0AA5-4C9B-A05C-5A16891AA011}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{C0E7B9B5-F405-4A54-B67C-C10DC07299E1}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{C150B2F2-312D-4D8E-9714-444727F9DA61}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C8F35BCB-AB01-48E8-B4F4-733F907C5A3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CF7B0942-1268-45BB-B806-ABA620A6D8AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D2619C63-C40B-4334-BB30-2CC3977C5A1C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{D7BF40C3-794D-4C32-AA03-79EE4C4F83CE}" = protocol=17 | dir=in | app=d:\program files\teamviewer\version6\teamviewer.exe | 
"{DBEDF4EE-730F-4ED4-8E48-25BE529FCB73}" = protocol=17 | dir=in | app=d:\program files\teamviewer\version6\teamviewer_service.exe | 
"{DE3745E5-82C2-4422-AFBD-240F286B9E05}" = protocol=6 | dir=in | app=d:\program files\teamviewer\version6\teamviewer_service.exe | 
"{EA727925-98A9-4F81-BE64-5D3BC470681C}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdupdate.exe | 
"{ECDEFAB5-03CF-445D-9D7C-B040211812AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{EFDACB0B-2FE4-4875-AA53-557377174955}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{F02DD740-DA01-4495-8F1A-AAAFEB89B72C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F6962748-4CE5-4FC6-8292-1CC2FC7F76AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD390A9B-ED8B-4A01-AEE5-FDB60AF8CDAF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"TCP Query User{0F0BBFA9-4267-49A6-BFD0-A8B339FF6958}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{46951301-27AF-4A59-ABAC-3E28F34F34BC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{57178CFF-C4E7-4D88-A8F0-E77559D28101}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{83EE3334-FAEE-462D-A83D-803CEE6BE973}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{93300620-E9D0-40E9-8728-38E831FDBC25}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{BDE4A14D-B117-4725-8C32-A2F22FB0C6C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{03AB84E9-2EE4-418D-83B8-CC51C2F1AA12}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{25652DC7-30E8-4539-A9A0-5B0A8EC0D2E6}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{5D54323D-38B3-4E01-918A-0894B2404081}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5FA20667-CCD1-49B9-B185-A1F2F1900F16}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{D132CA3D-B4F2-4BBF-BCB1-9F030EA6B7FA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EE56E851-9568-4821-92FD-3C73CD8AEE8A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24E01F02-4261-42B8-9BD9-80E5E6D64952}" = HP Photosmart 7510 series Hilfe
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4856D36C-43EB-4D9C-B2EA-CFEE7B945E4F}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.10
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7F321B-5BFD-4367-92B7-D8FDF01CC13E}" = HP Photosmart 7510 series - Grundlegende Software für das Gerät
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B65F83E3-0B02-42AF-AAAE-539C349A4D9E}" = Studie zur Verbesserung von HP Photosmart 7510 series Produkten
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4AC672B-C8A2-4EAC-845A-35D0392E5BC2}" = VAS-PC Car Diagnostic System
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E84C3D56-7B4A-4853-BB4D-DA1B25A1E3FD}" = AltovaXML 2006
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1484503C23C0826E0CCB836028153036C40FB2BB" = Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02)
"1489-3350-5074-6281" = JDownloader 0.9
"7F56849458D215BF0D380991975D272EC75696C9" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AN QuickNote_is1" = AN QuickNote Version 5
"AVG" = AVG 2012
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"BluffTitler" = BluffTitler
"Bosch Viewer" = Bosch Viewer
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVDmobile" = CloneDVDmobile
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"D-PDU API V1.10.033 D-PDU API for VOLKSWAGEN" = D-PDU API V1.10.033 D-PDU API for VOLKSWAGEN
"DTS V7.71.095" = DTS V7.71.095
"eLearn 1.2.1_is1" = eLearn CDROM 1.0
"ElsaWin" = ElsaWin
"ESI Prüfwerte" = ESI Prüfwerte
"ESI[tronic]" = ESI[tronic]
"ETKA7.3_Germany_2011" = ETKA 7.3 Germany 2011
"Fraps" = Fraps (remove only)
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.37.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Hardlock Device Drivers" = Hardlock Device Drivers
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IsoBuster_is1" = IsoBuster 2.8.5
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mediencenter Software" = Mediencenter Assistent
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"moDiag_is1" = moDiag 2.8.600
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"Nvu_is1" = Nvu 1.0
"Orbit_is1" = Orbit Downloader
"PicPick" = PicPick
"PS3Splitter_is1" = PS3Splitter version 1.1.5.1
"SmartCheck" = NuMega SmartCheck
"SpeedFan" = SpeedFan (remove only)
"Steuergeräte-Diagnose_is1" = Steuergeräte-Diagnose SD-SW-Setup:2010/1_1_13 KTS500-V:2009-09-
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"VAS505x-2 v9.10.003 Application" = VAS505x-2 v9.10.003 Application
"VAS-PC-2 BaseSystem" = VAS-PC-2 Diagnostic Base System
"VCDS AIB" = VCDS AIB 11.11
"VLC media player" = VLC media player 1.1.11
"Webasto Thermo Test" = Webasto Thermo Test 2.13
"WinHex" = WinHex
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"winscp3_is1" = WinSCP 4.3.4
"Yahoo! Messenger" = Yahoo! Messenger
"YASA VOB to MP4 Converter v3.9 (build 0059)" = YASA VOB to MP4 Converter v3.9 (build 0059)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 01:53:36 | Computer Name = Samsung | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40479233
 
Error - 21.12.2012 01:53:36 | Computer Name = Samsung | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40479233
 
Error - 21.12.2012 22:00:22 | Computer Name = Samsung | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.12.2012 22:00:22 | Computer Name = Samsung | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 69282431
 
Error - 21.12.2012 22:00:22 | Computer Name = Samsung | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 69282431
 
Error - 22.12.2012 22:06:15 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.12.2012 02:22:41 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2012 03:18:09 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 03:01:43 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 10:01:07 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 10:24:57 | Computer Name = Samsung | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 30.12.2012 08:29:13 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 30.12.2012 08:30:11 | Computer Name = Samsung | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.12.2012 08:54:10 | Computer Name = Samsung | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 30.12.2012 08:54:51 | Computer Name = Samsung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.12.2012 um 13:52:51 unerwartet heruntergefahren.
 
Error - 30.12.2012 08:55:07 | Computer Name = Samsung | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 08:55:20 | Computer Name = Samsung | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 08:55:21 | Computer Name = Samsung | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 08:55:23 | Computer Name = Samsung | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 08:55:31 | Computer Name = Samsung | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 09:03:30 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
I don't want to be a nuisance, but does anyone perhaps have a next step ready for me to get rid of this? Thanks in advance.


Alt 02.01.2013, 20:56   #6
markusg
/// Malware-holic
 

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 03.01.2013, 08:15   #7
xQuattrox
 

Hello,

here is the log from tdsskiller

Code:
08:09:10.0115 0296  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:09:10.0130 0296  ============================================================
08:09:10.0130 0296  Current date / time: 2013/01/03 08:09:10.0130
08:09:10.0130 0296  SystemInfo:
08:09:10.0130 0296  
08:09:10.0130 0296  OS Version: 6.0.6002 ServicePack: 2.0
08:09:10.0130 0296  Product type: Workstation
08:09:10.0130 0296  ComputerName: SAMSUNG
08:09:10.0130 0296  UserName: Meier
08:09:10.0130 0296  Windows directory: C:\Windows
08:09:10.0130 0296  System windows directory: C:\Windows
08:09:10.0130 0296  Processor architecture: Intel x86
08:09:10.0130 0296  Number of processors: 2
08:09:10.0130 0296  Page size: 0x1000
08:09:10.0130 0296  Boot type: Safe boot
08:09:10.0130 0296  ============================================================
08:09:10.0629 0296  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:09:10.0629 0296  Drive \Device\Harddisk1\DR1 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:09:10.0629 0296  ============================================================
08:09:10.0629 0296  \Device\Harddisk0\DR0:
08:09:10.0629 0296  MBR partitions:
08:09:10.0629 0296  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x762C800
08:09:10.0629 0296  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x902D000, BlocksNum 0x1C401000
08:09:10.0629 0296  \Device\Harddisk1\DR1:
08:09:10.0629 0296  MBR partitions:
08:09:10.0629 0296  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x18, BlocksNum 0xF17FE8
08:09:10.0629 0296  ============================================================
08:09:10.0676 0296  C: <-> \Device\Harddisk0\DR0\Partition1
08:09:10.0707 0296  D: <-> \Device\Harddisk0\DR0\Partition2
08:09:10.0707 0296  ============================================================
08:09:10.0707 0296  Initialize success
08:09:10.0707 0296  ============================================================
08:09:45.0932 0400  ============================================================
08:09:45.0932 0400  Scan started
08:09:45.0932 0400  Mode: Manual; SigCheck; TDLFS; 
08:09:45.0932 0400  ============================================================
08:09:46.0229 0400  ================ Scan system memory ========================
08:09:46.0229 0400  System memory - ok
08:09:46.0229 0400  ================ Scan services =============================
08:09:53.0280 0400  [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
08:09:53.0311 0400  DCService.exe ( UnsignedFile.Multi.Generic ) - warning
08:09:53.0311 0400  DCService.exe - detected UnsignedFile.Multi.Generic (1)
08:09:56.0119 0400  [ 99BF2E6CD961508B1573D1D01999FCC4 ] FTDIBUS         C:\Windows\system32\drivers\ai-usb.sys
08:09:56.0182 0400  FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
08:09:56.0182 0400  FTDIBUS - detected UnsignedFile.Multi.Generic (1)
08:09:56.0322 0400  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
08:09:56.0353 0400  giveio ( UnsignedFile.Multi.Generic ) - warning
08:09:56.0353 0400  giveio - detected UnsignedFile.Multi.Generic (1)
08:09:58.0366 0400  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:09:58.0366 0400  IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:09:58.0366 0400  IDriverT - detected UnsignedFile.Multi.Generic (1)
08:10:00.0082 0400  [ 75412A4B547DEFD7949376828A1A9B18 ] IWPORT          C:\Windows\SYSTEM32\DRIVERS\IWPORT.SYS
08:10:00.0113 0400  IWPORT ( UnsignedFile.Multi.Generic ) - warning
08:10:00.0113 0400  IWPORT - detected UnsignedFile.Multi.Generic (1)
08:10:00.0846 0400  [ 99F271176DA4FE58DF111D96811E26E3 ] LcSvrAdm        D:\ElsaWin\bin\LcSvrAdm.exe
08:10:00.0862 0400  LcSvrAdm ( UnsignedFile.Multi.Generic ) - warning
08:10:00.0862 0400  LcSvrAdm - detected UnsignedFile.Multi.Generic (1)
08:10:00.0908 0400  [ CA2605D4114063B2C5B1ECDABF6EF0B1 ] LcSvrAuf        D:\ElsaWin\bin\LcSvrAuf.exe
08:10:00.0986 0400  LcSvrAuf ( UnsignedFile.Multi.Generic ) - warning
08:10:00.0986 0400  LcSvrAuf - detected UnsignedFile.Multi.Generic (1)
08:10:01.0033 0400  [ B52272C663AC43EDEBE165CE0DEAA3AA ] LcSvrDba        D:\ElsaWin\bin\LcSvrDba.exe
08:10:01.0080 0400  LcSvrDba ( UnsignedFile.Multi.Generic ) - warning
08:10:01.0080 0400  LcSvrDba - detected UnsignedFile.Multi.Generic (1)
08:10:01.0142 0400  [ D36EF60E54E9358913F6FDE465D9BBBD ] LcSvrHis        D:\ElsaWin\bin\LcSvrHis.exe
08:10:01.0205 0400  LcSvrHis ( UnsignedFile.Multi.Generic ) - warning
08:10:01.0205 0400  LcSvrHis - detected UnsignedFile.Multi.Generic (1)
08:10:01.0252 0400  [ 48E03714B1CEC5AC335406A96ACC8C8C ] LcSvrPAS        D:\ElsaWin\bin\LcSvrPas.exe
08:10:01.0283 0400  LcSvrPAS ( UnsignedFile.Multi.Generic ) - warning
08:10:01.0283 0400  LcSvrPAS - detected UnsignedFile.Multi.Generic (1)
08:10:01.0314 0400  [ E302C2B1FB2FE552EFEFACD6BDE3D58D ] LcSvrSaz        D:\ElsaWin\bin\LcSvrSaz.exe
08:10:01.0361 0400  LcSvrSaz ( UnsignedFile.Multi.Generic ) - warning
08:10:01.0361 0400  LcSvrSaz - detected UnsignedFile.Multi.Generic (1)
08:10:01.0891 0400  [ B936CA23B7654C56048B2BF8E2198A89 ] MCSWASVR        D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
08:10:01.0891 0400  MCSWASVR ( UnsignedFile.Multi.Generic ) - warning
08:10:01.0891 0400  MCSWASVR - detected UnsignedFile.Multi.Generic (1)
08:10:04.0949 0400  [ F8E396F5E703D7A8F37D90F59C776268 ] NSHE            C:\Windows\system32\Drivers\NSHE.SYS
08:10:04.0964 0400  NSHE ( UnsignedFile.Multi.Generic ) - warning
08:10:04.0964 0400  NSHE - detected UnsignedFile.Multi.Generic (1)
08:10:04.0980 0400  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
08:10:05.0011 0400  nsi - ok
08:10:05.0042 0400  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:10:05.0074 0400  nsiproxy - ok
08:10:05.0136 0400  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:10:05.0167 0400  Ntfs - ok
08:10:05.0198 0400  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
08:10:05.0261 0400  ntrigdigi - ok
08:10:05.0276 0400  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
08:10:05.0323 0400  Null - ok
08:10:05.0339 0400  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:10:05.0354 0400  nvraid - ok
08:10:05.0370 0400  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:10:05.0370 0400  nvstor - ok
08:10:05.0417 0400  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:10:05.0417 0400  nv_agp - ok
08:10:05.0432 0400  NwlnkFlt - ok
08:10:05.0432 0400  NwlnkFwd - ok
08:10:05.0464 0400  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:10:05.0495 0400  ohci1394 - ok
08:10:05.0526 0400  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:10:05.0588 0400  p2pimsvc - ok
08:10:05.0604 0400  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:10:05.0651 0400  p2psvc - ok
08:10:05.0682 0400  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
08:10:05.0729 0400  Parport - ok
08:10:05.0760 0400  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:10:05.0776 0400  partmgr - ok
08:10:05.0791 0400  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
08:10:05.0854 0400  Parvdm - ok
08:10:05.0885 0400  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:10:05.0916 0400  PcaSvc - ok
08:10:05.0947 0400  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
08:10:05.0963 0400  pci - ok
08:10:05.0994 0400  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
08:10:06.0010 0400  pciide - ok
08:10:06.0041 0400  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:10:06.0056 0400  pcmcia - ok
08:10:06.0103 0400  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:10:06.0197 0400  PEAUTH - ok
08:10:06.0290 0400  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
08:10:06.0368 0400  pla - ok
08:10:06.0400 0400  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:10:06.0431 0400  PlugPlay - ok
08:10:06.0462 0400  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
08:10:06.0478 0400  PNRPAutoReg - ok
08:10:06.0493 0400  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
08:10:06.0509 0400  PNRPsvc - ok
08:10:06.0556 0400  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:10:06.0618 0400  PolicyAgent - ok
08:10:06.0665 0400  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:10:06.0696 0400  PptpMiniport - ok
08:10:06.0712 0400  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
08:10:06.0758 0400  Processor - ok
08:10:06.0790 0400  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:10:06.0836 0400  ProfSvc - ok
08:10:06.0852 0400  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:10:06.0852 0400  ProtectedStorage - ok
08:10:06.0883 0400  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:10:06.0914 0400  PSched - ok
08:10:06.0977 0400  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:10:07.0008 0400  ql2300 - ok
08:10:07.0055 0400  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:10:07.0055 0400  ql40xx - ok
08:10:07.0102 0400  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
08:10:07.0133 0400  QWAVE - ok
08:10:07.0148 0400  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:10:07.0164 0400  QWAVEdrv - ok
08:10:07.0180 0400  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:10:07.0226 0400  RasAcd - ok
08:10:07.0242 0400  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
08:10:07.0258 0400  RasAuto - ok
08:10:07.0289 0400  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:10:07.0304 0400  Rasl2tp - ok
08:10:07.0351 0400  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
08:10:07.0367 0400  RasMan - ok
08:10:07.0398 0400  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:10:07.0429 0400  RasPppoe - ok
08:10:07.0460 0400  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:10:07.0492 0400  RasSstp - ok
08:10:07.0523 0400  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:10:07.0554 0400  rdbss - ok
08:10:07.0585 0400  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:10:07.0616 0400  RDPCDD - ok
08:10:07.0648 0400  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
08:10:07.0663 0400  rdpdr - ok
08:10:07.0679 0400  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:10:07.0694 0400  RDPENCDD - ok
08:10:07.0741 0400  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:10:07.0772 0400  RDPWD - ok
08:10:07.0835 0400  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:10:07.0850 0400  RemoteAccess - ok
08:10:07.0897 0400  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:10:07.0913 0400  RemoteRegistry - ok
08:10:07.0960 0400  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:10:07.0975 0400  RFCOMM - ok
08:10:07.0991 0400  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
08:10:08.0022 0400  RpcLocator - ok
08:10:08.0053 0400  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
08:10:08.0084 0400  RpcSs - ok
08:10:08.0116 0400  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:10:08.0162 0400  rspndr - ok
08:10:08.0209 0400  [ 034033F5A921764D8C4BA6698800D95B ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
08:10:08.0256 0400  RTL8169 - ok
08:10:08.0287 0400  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
08:10:08.0303 0400  SamSs - ok
08:10:08.0318 0400  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:10:08.0334 0400  sbp2port - ok
08:10:08.0365 0400  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:10:08.0396 0400  SCardSvr - ok
08:10:08.0443 0400  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
08:10:08.0537 0400  Schedule - ok
08:10:08.0584 0400  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:10:08.0599 0400  SCPolicySvc - ok
08:10:08.0630 0400  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
08:10:08.0677 0400  sdbus - ok
08:10:08.0708 0400  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:10:08.0740 0400  SDRSVC - ok
08:10:08.0755 0400  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:10:08.0802 0400  secdrv - ok
08:10:08.0818 0400  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
08:10:08.0849 0400  seclogon - ok
08:10:08.0864 0400  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
08:10:08.0896 0400  SENS - ok
08:10:08.0911 0400  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:10:08.0974 0400  Serenum - ok
08:10:08.0989 0400  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
08:10:09.0052 0400  Serial - ok
08:10:09.0067 0400  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:10:09.0083 0400  sermouse - ok
08:10:09.0130 0400  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:10:09.0176 0400  SessionEnv - ok
08:10:09.0192 0400  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:10:09.0208 0400  sffdisk - ok
08:10:09.0239 0400  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:10:09.0270 0400  sffp_mmc - ok
08:10:09.0286 0400  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:10:09.0301 0400  sffp_sd - ok
08:10:09.0317 0400  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:10:09.0364 0400  sfloppy - ok
08:10:09.0411 0400  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:10:09.0442 0400  SharedAccess - ok
08:10:09.0489 0400  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:10:09.0535 0400  ShellHWDetection - ok
08:10:09.0535 0400  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:10:09.0551 0400  sisagp - ok
08:10:09.0582 0400  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
08:10:09.0582 0400  SiSRaid2 - ok
08:10:09.0629 0400  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:10:09.0645 0400  SiSRaid4 - ok
08:10:09.0676 0400  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     D:\Program Files\Skype\Updater\Updater.exe
08:10:09.0691 0400  SkypeUpdate - ok
08:10:09.0785 0400  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
08:10:09.0925 0400  slsvc - ok
08:10:09.0972 0400  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
08:10:09.0988 0400  SLUINotify - ok
08:10:10.0019 0400  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:10:10.0035 0400  Smb - ok
08:10:10.0066 0400  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:10:10.0097 0400  SNMPTRAP - ok
08:10:10.0113 0400  [ 9F70CD5EDCC4EFC48AE21E04FB03BE9D ] speedfan        C:\Windows\system32\speedfan.sys
08:10:10.0128 0400  speedfan - ok
08:10:10.0159 0400  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
08:10:10.0175 0400  spldr - ok
08:10:10.0206 0400  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
08:10:10.0253 0400  Spooler - ok
08:10:10.0300 0400  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
08:10:10.0331 0400  sptd - ok
08:10:10.0393 0400  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:10:10.0409 0400  SQLWriter - ok
08:10:10.0440 0400  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:10:10.0503 0400  srv - ok
08:10:10.0534 0400  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:10:10.0581 0400  srv2 - ok
08:10:10.0596 0400  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:10:10.0612 0400  srvnet - ok
08:10:10.0643 0400  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:10:10.0690 0400  SSDPSRV - ok
08:10:10.0705 0400  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:10:10.0721 0400  SstpSvc - ok
08:10:10.0752 0400  [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
08:10:10.0768 0400  ssudmdm - ok
08:10:10.0799 0400  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
08:10:10.0815 0400  StillCam - ok
08:10:10.0877 0400  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
08:10:10.0924 0400  stisvc - ok
08:10:10.0971 0400  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:10:10.0986 0400  swenum - ok
08:10:11.0064 0400  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:10:11.0095 0400  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
08:10:11.0095 0400  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
08:10:11.0142 0400  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
08:10:11.0205 0400  swprv - ok
08:10:11.0220 0400  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
08:10:11.0236 0400  Symc8xx - ok
08:10:11.0251 0400  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
08:10:11.0267 0400  Sym_hi - ok
08:10:11.0283 0400  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
08:10:11.0298 0400  Sym_u3 - ok
08:10:11.0329 0400  [ 71837FBCE3FD8143953444B3FF7938DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
08:10:11.0345 0400  SynTP - ok
08:10:11.0392 0400  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
08:10:11.0439 0400  SysMain - ok
08:10:11.0485 0400  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:10:11.0532 0400  TabletInputService - ok
08:10:11.0579 0400  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:10:11.0610 0400  TapiSrv - ok
08:10:11.0626 0400  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
08:10:11.0657 0400  TBS - ok
08:10:11.0704 0400  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:10:11.0735 0400  Tcpip - ok
08:10:11.0751 0400  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
08:10:11.0782 0400  Tcpip6 - ok
08:10:11.0797 0400  [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:10:11.0813 0400  tcpipreg - ok
08:10:11.0844 0400  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:10:11.0860 0400  TDPIPE - ok
08:10:11.0891 0400  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:10:11.0922 0400  TDTCP - ok
08:10:11.0953 0400  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:10:11.0969 0400  tdx - ok
08:10:12.0141 0400  [ B357451A6958E2B7B506FB1D08271BE6 ] TeamViewer6     D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
08:10:12.0203 0400  TeamViewer6 - ok
08:10:12.0234 0400  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:10:12.0250 0400  TermDD - ok
08:10:12.0297 0400  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
08:10:12.0359 0400  TermService - ok
08:10:12.0390 0400  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
08:10:12.0406 0400  Themes - ok
08:10:12.0406 0400  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
08:10:12.0437 0400  THREADORDER - ok
08:10:12.0453 0400  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
08:10:12.0499 0400  TrkWks - ok
08:10:12.0562 0400  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:10:12.0593 0400  TrustedInstaller - ok
08:10:12.0640 0400  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:10:12.0671 0400  tssecsrv - ok
08:10:12.0687 0400  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
08:10:12.0718 0400  tunmp - ok
08:10:12.0749 0400  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:10:12.0780 0400  tunnel - ok
08:10:12.0796 0400  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:10:12.0811 0400  uagp35 - ok
08:10:12.0858 0400  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:10:12.0874 0400  udfs - ok
08:10:12.0921 0400  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:10:12.0936 0400  UI0Detect - ok
08:10:12.0967 0400  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:10:12.0983 0400  uliagpkx - ok
08:10:12.0999 0400  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
08:10:13.0014 0400  uliahci - ok
08:10:13.0030 0400  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
08:10:13.0045 0400  UlSata - ok
08:10:13.0077 0400  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
08:10:13.0092 0400  ulsata2 - ok
08:10:13.0108 0400  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:10:13.0155 0400  umbus - ok
08:10:13.0170 0400  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
08:10:13.0217 0400  upnphost - ok
08:10:13.0264 0400  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
08:10:13.0311 0400  USBAAPL - ok
08:10:13.0326 0400  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:10:13.0357 0400  usbccgp - ok
08:10:13.0389 0400  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:10:13.0451 0400  usbcir - ok
08:10:13.0482 0400  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:10:13.0513 0400  usbehci - ok
08:10:13.0529 0400  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:10:13.0560 0400  usbhub - ok
08:10:13.0560 0400  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:10:13.0623 0400  usbohci - ok
08:10:13.0654 0400  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:10:13.0685 0400  usbprint - ok
08:10:13.0716 0400  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:10:13.0747 0400  usbscan - ok
08:10:13.0763 0400  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:10:13.0794 0400  USBSTOR - ok
08:10:13.0810 0400  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:10:13.0841 0400  usbuhci - ok
08:10:13.0872 0400  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
08:10:13.0903 0400  usbvideo - ok
08:10:13.0950 0400  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
08:10:13.0981 0400  UxSms - ok
08:10:14.0013 0400  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
08:10:14.0044 0400  vds - ok
08:10:14.0091 0400  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:10:14.0122 0400  vga - ok
08:10:14.0137 0400  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:10:14.0153 0400  VgaSave - ok
08:10:14.0169 0400  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:10:14.0184 0400  viaagp - ok
08:10:14.0200 0400  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
08:10:14.0231 0400  ViaC7 - ok
08:10:14.0247 0400  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
08:10:14.0262 0400  viaide - ok
08:10:14.0278 0400  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:10:14.0293 0400  volmgr - ok
08:10:14.0325 0400  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:10:14.0340 0400  volmgrx - ok
08:10:14.0387 0400  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:10:14.0403 0400  volsnap - ok
08:10:14.0449 0400  [ 6983D0BCAC64C2D7460C2125F804F118 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
08:10:14.0481 0400  Vsdatant - ok
08:10:14.0512 0400  vsdatant7 - ok
08:10:14.0559 0400  vsmon - ok
08:10:14.0590 0400  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:10:14.0605 0400  vsmraid - ok
08:10:14.0652 0400  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
08:10:14.0699 0400  VSS - ok
08:10:14.0730 0400  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
08:10:14.0761 0400  W32Time - ok
08:10:14.0777 0400  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:10:14.0839 0400  WacomPen - ok
08:10:14.0855 0400  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
08:10:14.0886 0400  Wanarp - ok
08:10:14.0902 0400  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:10:14.0917 0400  Wanarpv6 - ok
08:10:14.0949 0400  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:10:15.0011 0400  wcncsvc - ok
08:10:15.0058 0400  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:10:15.0089 0400  WcsPlugInService - ok
08:10:15.0136 0400  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
08:10:15.0151 0400  Wd - ok
08:10:15.0183 0400  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:10:15.0214 0400  Wdf01000 - ok
08:10:15.0229 0400  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:10:15.0276 0400  WdiServiceHost - ok
08:10:15.0276 0400  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:10:15.0307 0400  WdiSystemHost - ok
08:10:15.0339 0400  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
08:10:15.0370 0400  WebClient - ok
08:10:15.0401 0400  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:10:15.0448 0400  Wecsvc - ok
08:10:15.0495 0400  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:10:15.0510 0400  wercplsupport - ok
08:10:15.0541 0400  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:10:15.0573 0400  WerSvc - ok
08:10:15.0619 0400  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:10:15.0635 0400  WinDefend - ok
08:10:15.0651 0400  WinHttpAutoProxySvc - ok
08:10:15.0744 0400  [ 5A3AEA37E1F22CC85190A382B3AE2B29 ] Winmgmt         C:\Users\Meier\wgsdgsdgdsgsd.dll
08:10:15.0760 0400  Winmgmt ( UnsignedFile.Multi.Generic ) - warning
08:10:15.0760 0400  Winmgmt - detected UnsignedFile.Multi.Generic (1)
08:10:15.0807 0400  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:10:15.0869 0400  WinRM - ok
08:10:15.0931 0400  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:10:16.0009 0400  Wlansvc - ok
08:10:16.0103 0400  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:10:16.0150 0400  wlidsvc - ok
08:10:16.0197 0400  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:10:16.0212 0400  WmiAcpi - ok
08:10:16.0290 0400  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:10:16.0306 0400  wmiApSrv - ok
08:10:16.0384 0400  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:10:16.0446 0400  WMPNetworkSvc - ok
08:10:16.0493 0400  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:10:16.0540 0400  WPCSvc - ok
08:10:16.0571 0400  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:10:16.0602 0400  WPDBusEnum - ok
08:10:16.0649 0400  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
08:10:16.0665 0400  WpdUsb - ok
08:10:16.0743 0400  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:10:16.0774 0400  WPFFontCache_v0400 - ok
08:10:16.0805 0400  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:10:16.0836 0400  ws2ifsl - ok
08:10:16.0867 0400  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
08:10:16.0899 0400  wscsvc - ok
08:10:16.0899 0400  WSearch - ok
08:10:16.0977 0400  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
08:10:17.0055 0400  wuauserv - ok
08:10:17.0133 0400  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:10:17.0164 0400  WudfPf - ok
08:10:17.0211 0400  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:10:17.0242 0400  WUDFRd - ok
08:10:17.0273 0400  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:10:17.0289 0400  wudfsvc - ok
08:10:17.0304 0400  XDva385 - ok
08:10:17.0351 0400  ================ Scan global ===============================
08:10:17.0398 0400  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:10:17.0445 0400  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:10:17.0460 0400  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:10:17.0507 0400  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:10:17.0507 0400  [Global] - ok
08:10:17.0507 0400  ================ Scan MBR ==================================
08:10:17.0523 0400  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
08:10:17.0944 0400  \Device\Harddisk0\DR0 - ok
08:10:17.0959 0400  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:10:20.0767 0400  \Device\Harddisk1\DR1 - ok
08:10:20.0767 0400  ================ Scan VBR ==================================
08:10:20.0799 0400  [ 7FB5D3E8280ADE21DBD3C34C2E80D0A6 ] \Device\Harddisk0\DR0\Partition1
08:10:20.0799 0400  \Device\Harddisk0\DR0\Partition1 - ok
08:10:20.0814 0400  [ A87B8C91F300A42A90F5FDAEB15A4ECC ] \Device\Harddisk0\DR0\Partition2
08:10:20.0814 0400  \Device\Harddisk0\DR0\Partition2 - ok
08:10:20.0814 0400  [ 0F7DE3F33E3F0439699EDB09F85E2B42 ] \Device\Harddisk1\DR1\Partition1
08:10:20.0814 0400  \Device\Harddisk1\DR1\Partition1 - ok
08:10:20.0814 0400  ============================================================
08:10:20.0814 0400  Scan finished
08:10:20.0814 0400  ============================================================
08:10:20.0830 0392  Detected object count: 15
08:10:20.0830 0392  Actual detected object count: 15
08:11:13.0714 0392  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0714 0392  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0714 0392  FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0714 0392  FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0730 0392  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0730 0392  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0745 0392  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0745 0392  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0745 0392  IWPORT ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0745 0392  IWPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrAdm ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrAdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrAuf ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrAuf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrDba ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrDba ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrHis ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrHis ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrPAS ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrPAS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  LcSvrSaz ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  LcSvrSaz ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0761 0392  MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0761 0392  MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0777 0392  NSHE ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0777 0392  NSHE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0777 0392  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0777 0392  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:11:13.0777 0392  Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
08:11:13.0777 0392  Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 03.01.2013, 18:14   #8
markusg
/// Malware-holic
 

Hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 04.01.2013, 08:22   #9
xQuattrox
 

So, here is the log from ComboFix.

After this scan the laptop booted normally again.

I had to attach the log as a zip.

Alt 04.01.2013, 14:57   #10
markusg
/// Malware-holic
 

Hi,
please run:
http://download.bleepingcomputer.com...ta/Winmgmt.reg
reboot and post a new OTL log.

Alt 04.01.2013, 17:20   #11
xQuattrox
 

So, here is the log

Code:
OTL logfile created on: 04.01.2013 16:55:08 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 67,01% Memory free
6,07 Gb Paging File | 5,06 Gb Available in Paging File | 83,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 9,70 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 64,34 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.30 13:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 03:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe
PRC - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.29 08:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
PRC - [2011.01.26 09:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2011.01.26 09:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrHis.exe
PRC - [2011.01.26 09:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2011.01.26 09:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2011.01.26 09:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrPas.exe
PRC - [2011.01.26 09:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrDba.exe
PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2009.10.29 20:47:38 | 000,634,880 | ---- | M] (AN-Soft) -- D:\Program Files\AN QuickNote\QuickNote.exe
PRC - [2009.05.28 07:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 07:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.10 08:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010.04.16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.12 08:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.27 08:55:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.10.26 07:07:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.29 08:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.01.26 09:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.01.26 09:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.01.26 09:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.01.26 09:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- D:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.01.26 09:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.01.26 09:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ai-port.sys -- (FTSER2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Meier\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 15:29:38 | 000,058,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.11.03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.10.06 09:53:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:25:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.30 12:41:54 | 000,008,152 | ---- | M] (TDi GmbH TechnoData - Interware) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.12.18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.05.15 14:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.02.05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.05.04 15:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 06:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.20 17:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.09 19:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 18:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.20 07:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 19:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.16 19:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.29 20:53:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Meier\AppData\Roaming\16001.009 [2012.11.10 08:53:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 08:21:48 | 000,000,000 | ---D | M]
 
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2011.05.20 19:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.20 07:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\wi3ydtaw.default\extensions
[2012.10.18 06:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MEIER\APPDATA\ROAMING\16001.009
[2012.10.27 08:55:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 06:41:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.04 07:47:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [QuickNote] D:\Program Files\AN QuickNote\QuickNote.exe (AN-Soft)
O4 - Startup: C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\VCDS-Dt\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC98896-78ED-4597-BA74-794DF4FD3DD7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBC6BDF0-EF9A-4FF2-B3B7-9A15E0A0EFD3}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD775AA9-6CA8-46A6-854A-9568B8EAF484}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7126855-9BB3-4492-9373-105E0C664B65}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 07:48:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.04 07:45:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.04 07:34:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.04 07:34:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.04 07:34:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.04 07:33:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.04 07:32:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.04 07:32:00 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\Meier\Desktop\ComboFix.exe
[2013.01.03 08:09:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Meier\Desktop\tdsskiller.exe
[2012.12.30 15:14:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.30 15:13:14 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.30 15:13:12 | 000,497,009 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Meier\Desktop\JRT.exe
[2012.12.30 14:00:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2012.12.30 12:51:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.28 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\Yahoo!
[2012.12.28 13:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.12.28 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.12.28 12:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.12.20 07:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.14 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\Meier\Desktop\Dokus Dez
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 16:50:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 16:50:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 16:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 16:48:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.04 16:27:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.01.04 16:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 07:52:05 | 105,121,753 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.01.04 07:47:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.04 07:20:14 | 005,018,515 | R--- | M] (Swearware) -- C:\Users\Meier\Desktop\ComboFix.exe
[2013.01.03 07:13:16 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Meier\Desktop\tdsskiller.exe
[2012.12.30 15:08:18 | 000,497,009 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Meier\Desktop\JRT.exe
[2012.12.30 13:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2012.12.30 13:54:23 | 255,654,654 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.30 10:55:39 | 003,751,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.30 10:33:07 | 000,001,356 | ---- | M] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.30 09:42:40 | 000,002,892 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.29 16:34:28 | 000,163,840 | ---- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.28 15:27:45 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.26 06:38:06 | 000,893,034 | ---- | M] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.24 07:29:16 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 07:29:16 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.24 07:29:16 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 07:29:16 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 07:09:50 | 000,000,939 | ---- | M] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.01.04 07:34:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.04 07:34:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.04 07:34:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.04 07:34:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.04 07:34:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.28 15:02:14 | 000,001,356 | ---- | C] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2012.12.28 14:57:14 | 000,002,892 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.26 08:22:03 | 000,893,034 | ---- | C] () -- C:\Users\Meier\Desktop\IMG_0547.JPG
[2012.12.20 07:09:50 | 000,000,939 | ---- | C] () -- C:\Users\Meier\Desktop\Free YouTube to iPhone Converter.lnk
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 08:42:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.11 20:25:54 | 000,000,011 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\urhtps.dat
[2012.11.10 08:53:54 | 000,000,016 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\blckdom.res
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.17 21:02:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.03.09 19:45:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.19 14:09:17 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.02.04 10:07:37 | 000,000,137 | -H-- | C] () -- C:\Windows\System32\crkmo.dll
[2011.10.26 07:08:48 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.11 14:59:17 | 000,000,021 | ---- | C] () -- C:\Users\Meier\AppData\Local\mc.pixel.data
[2011.10.07 11:14:40 | 000,000,037 | ---- | C] () -- C:\Windows\System32\conmansrv.ini
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\NETEDIC.INI
[2011.10.07 11:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\HWEDIC.INI
[2011.10.05 09:55:33 | 000,039,424 | ---- | C] () -- C:\Windows\System32\NMEVTRPT.dll
[2011.09.18 10:34:46 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.14 14:13:53 | 000,000,600 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\winscp.rnd
[2011.09.07 14:07:22 | 000,001,456 | ---- | C] () -- C:\Users\Meier\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.06 09:32:05 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.31 17:34:15 | 000,002,788 | ---- | C] () -- C:\Windows\RbSystem.ini
[2011.08.31 17:33:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\xcd73532.dll
[2011.08.31 17:33:00 | 000,012,800 | ---- | C] () -- C:\Windows\System32\PWUtility.dll
[2011.08.31 17:33:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\dtctrace.dll
[2011.08.31 17:32:49 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.08.31 17:32:45 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2011.08.31 17:32:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2011.08.31 17:27:28 | 000,000,487 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2011.08.31 06:53:45 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.08.27 15:11:42 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.06 10:53:35 | 000,134,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.30 06:07:16 | 000,000,132 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.28 06:41:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2011.07.28 06:41:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2011.07.28 06:35:37 | 000,305,908 | ---- | C] () -- C:\Windows\ETOSU.EXE
[2011.07.28 06:32:23 | 000,000,133 | ---- | C] () -- C:\Windows\ETOSP.INI
[2011.06.22 17:11:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.21 19:54:09 | 000,163,840 | ---- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.21 09:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.21 09:14:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 19:07:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.11 11:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 11:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 11:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 10:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 10:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.21 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\.minecraft
[2012.11.10 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\16001.009
[2012.07.15 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Autodesk
[2012.01.29 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AVG2012
[2011.08.24 10:09:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\BOM
[2011.06.11 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2011.09.01 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2011.09.18 07:27:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.23 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\CheckPoint
[2011.09.05 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.01.23 06:51:26 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Lite
[2012.12.20 07:10:59 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2012.12.20 07:09:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.13 06:36:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\FileZilla
[2011.06.03 06:59:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Giub
[2011.05.21 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2013.01.04 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2012.11.10 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\kock
[2011.09.05 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Nvu
[2011.07.18 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2012.12.18 07:34:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2011.07.02 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Outerspace Software
[2012.02.26 08:38:51 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\picpick
[2011.05.21 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2012.05.29 06:18:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\QuickNote
[2012.08.29 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\redsn0w
[2012.11.11 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ryubyc
[2011.09.18 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\SlySoft
[2012.07.18 06:27:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Summitsoft
[2012.10.04 06:45:06 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\T-Online
[2011.05.20 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Thunderbird
[2011.06.03 07:07:16 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Ubny
[2011.11.11 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Unity
[2012.03.18 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Visan
[2012.11.11 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Vuumf
[2012.11.11 14:20:01 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Wuydy
[2012.11.17 08:04:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 05.01.2013, 16:15   #12
markusg
/// Malware-holic
 

Hi

Download CCleaner Standard:
http://filepony.de/download-ccleaner/
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognise, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
