
Pests of all kinds and how to combat them: Avira detection of: BDS/Maxplus.B & BDS/ZAccess.Q & TR/ATRAPS.Gen2

05.03.2012, 22:25   #1
janPhone
 

Dear Trojaner-Board,

my AntiVir has found the following viruses:
BDS/Maxplus.B
BDS/ZAccess.Q
TR/ATRAPS.Gen2

Always found in 'C:\Users\Name\AppData\Local\59964bbd\U\800000cf.@'

It looks as if it were a cookie, or am I wrong? Deleting the cookies with CCleaner etc. doesn't help either.

I have already tried several times to delete these files/programs/backdoors/rootkits/or whatever they are called with Avira and to move them to quarantine. Without SUCCESS! The alert comes more and more often, by now one of the 3 files every 20 minutes.

I have already downloaded Malwarebytes Anti-Malware and started a complete scan, here is the log file:
Quote:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: janPC [Administrator]

05.03.2012 20:21:41
mbam-log-2012-03-05 (23-03-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524176
Laufzeit: 2 Stunde(n), 41 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Jan\AppData\Local\59964bbd\X -> Keine Aktion durchgeführt.


Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jan\AppData\Local\59964bbd\X (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Jan\AppData\Local\59964bbd\U\80000000.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Jan\AppData\Local\59964bbd\U\800000cf.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.


(Ende)
Is it true that I can only get rid of these things with a complete reinstallation of Windows? The Avira Rescue CD doesn't help either?
Or should I try to remove them with MBAM?

Please help me.... I don't know what to do any more... preferably with step-by-step instructions... I hope I can get around formatting. I no longer feel safe at my PC!

Many thanks in advance for all answers and help!

Kind regards, janPhone
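
An added example, not part of the original post: a small parser for the Malwarebytes detection lines quoted above that reports which registry value references the same directory as the detected files. The log lines are copied from the post; the function names `parse_findings` and `autostart_links` are hypothetical, and the value data is assumed to be a bare path, as it is in this log.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, works on any OS

# Detection lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Jan\AppData\Local\59964bbd\X -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jan\AppData\Local\59964bbd\X (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Jan\AppData\Local\59964bbd\U\80000000.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Jan\AppData\Local\59964bbd\U\800000cf.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
"""

# Line shape: "<object> (<detection name>) -> [Daten: <value data> -> ]<action>."
# The object part is greedy so paths such as "Program Files (x86)" still parse.
FINDING = re.compile(
    r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>[^>]+)\.$"
)
REG_ROOTS = ("HKCU\\", "HKLM\\", "HKU\\", "HKCR\\")


def parse_findings(log_text):
    """Return one dict per detection line; section headers are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # headers, "(Keine bösartigen Objekte gefunden)", blanks
        obj = m["obj"]
        if obj.upper().startswith(REG_ROOTS):
            key, _, value = obj.partition("|")  # "key|value name"
            kind = "registry"
        else:
            key, value, kind = obj, "", "file"
        findings.append({
            "kind": kind,
            "path": key,
            "value": value,
            "data": m["data"],        # None for file detections
            "detection": m["name"],
            "action": m["action"],
        })
    return findings


def autostart_links(findings):
    """Pair each flagged registry value with detected files in the directory
    its data points into. Assumes the data is a bare path without arguments."""
    files = [f["path"] for f in findings if f["kind"] == "file"]
    links = []
    for reg in findings:
        if reg["kind"] != "registry" or not reg["data"]:
            continue
        directory = dirname(reg["data"])
        prefix = normcase(directory) + "\\"
        related = [p for p in files if normcase(p).startswith(prefix)]
        if related:
            links.append({
                "key": reg["path"],
                "value": reg["value"],
                "data": reg["data"],
                "directory": directory,
                "related_files": related,
            })
    return links


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for link in autostart_links(found):
        print(f'{link["key"]} [{link["value"]}] -> {link["data"]}')
        for path in link["related_files"]:
            print(f"    same directory tree: {path}")
    pending = [f for f in found if f["action"].startswith("Keine Aktion")]
    print(f"{len(pending)} of {len(found)} detections had no action taken")
```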

06.03.2012, 08:05   #2
Chris4You
 

Hi,

this can get nasty, back up all your data...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
Afterwards please update the signature files ("Aktualisierungen" (Updates) tab -> "Suche nach Aktualisierungen" (Check for updates))
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any detections with Skip for now). A window opens; copy the text and post it here...

chris

07.03.2012, 12:42   #3
janPhone
 

For the MBAM log see above; I removed the objects with the help of MBAM, for now.

After that I ran OTL:
(for the log files see the attachment, as they are too long for the forum thread. => "OTL-Extras.zip")
VirusTotal check of OTL-Extras.zip:
https://www.virustotal.com/file/288acbf8b3ae089d96418a382336f0c73de8e45dc4f595d96a147371f444c08b/analysis/1331123820/

Then TDSS Killer:
Log:
Quote:
13:25:23.0660 3760 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:25:23.0676 3760 ============================================================
13:25:23.0676 3760 Current date / time: 2012/03/07 13:25:23.0676
13:25:23.0676 3760 SystemInfo:
13:25:23.0676 3760
13:25:23.0676 3760 OS Version: 6.1.7601 ServicePack: 1.0
13:25:23.0676 3760 Product type: Workstation
13:25:23.0676 3760 ComputerName: L33TMACHINE
13:25:23.0676 3760 UserName: Jan
13:25:23.0676 3760 Windows directory: C:\Windows
13:25:23.0676 3760 System windows directory: C:\Windows
13:25:23.0676 3760 Running under WOW64
13:25:23.0676 3760 Processor architecture: Intel x64
13:25:23.0676 3760 Number of processors: 2
13:25:23.0676 3760 Page size: 0x1000
13:25:23.0676 3760 Boot type: Normal boot
13:25:23.0676 3760 ============================================================
13:25:32.0958 3760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:25:32.0958 3760 \Device\Harddisk0\DR0:
13:25:32.0974 3760 MBR used
13:25:32.0974 3760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D4A800
13:25:32.0974 3760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x950A600
13:25:32.0989 3760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB2557B7, BlocksNum 0x1A1D770A
13:25:33.0239 3760 Initialize success
13:25:33.0239 3760 ============================================================
13:25:39.0479 4836 ============================================================
13:25:39.0479 4836 Scan started
13:25:39.0479 4836 Mode: Manual;
13:25:39.0479 4836 ============================================================
13:26:09.0755 4836 scfilter - ok
13:26:09.0895 4836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:26:09.0895 4836 secdrv - ok
13:26:09.0973 4836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:26:09.0989 4836 Serenum - ok
13:26:10.0020 4836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:26:10.0020 4836 Serial - ok
13:26:10.0083 4836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:26:10.0098 4836 sermouse - ok
13:26:10.0161 4836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:26:10.0161 4836 sffdisk - ok
13:26:10.0192 4836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:26:10.0192 4836 sffp_mmc - ok
13:26:10.0207 4836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:26:10.0207 4836 sffp_sd - ok
13:26:10.0239 4836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:26:10.0239 4836 sfloppy - ok
13:26:10.0285 4836 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:26:10.0301 4836 SiSGbeLH - ok
13:26:10.0332 4836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:26:10.0348 4836 SiSRaid2 - ok
13:26:10.0363 4836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:26:10.0363 4836 SiSRaid4 - ok
13:26:10.0410 4836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:26:10.0410 4836 Smb - ok
13:26:10.0566 4836 SNP2UVC (2d280b5799f9c143fa7d49e032fbce46) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:26:10.0644 4836 SNP2UVC - ok
13:26:10.0785 4836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:26:10.0800 4836 spldr - ok
13:26:10.0972 4836 sptd (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\system32\Drivers\sptd.sys
13:26:10.0972 4836 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4c33f139236fd9bd14a920f60c1cb072
13:26:10.0972 4836 sptd ( LockedFile.Multi.Generic ) - warning
13:26:10.0972 4836 sptd - detected LockedFile.Multi.Generic (1)
13:26:15.0138 4836 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:26:15.0232 4836 \Device\Harddisk0\DR0 - ok
13:26:15.0247 4836 Boot (0x1200) (91ca298c906de767f11ff100db514771) \Device\Harddisk0\DR0\Partition0
13:26:15.0263 4836 \Device\Harddisk0\DR0\Partition0 - ok
13:26:15.0263 4836 Boot (0x1200) (6c17734f6110964349ecb07276dea6e8) \Device\Harddisk0\DR0\Partition1
13:26:15.0263 4836 \Device\Harddisk0\DR0\Partition1 - ok
13:26:15.0310 4836 Boot (0x1200) (2857491209f0b7e848db490b80723284) \Device\Harddisk0\DR0\Partition2
13:26:15.0310 4836 \Device\Harddisk0\DR0\Partition2 - ok
13:26:15.0310 4836 ============================================================
13:26:15.0310 4836 Scan finished
13:26:15.0310 4836 ============================================================
13:26:15.0341 1824 Detected object count: 1
13:26:15.0341 1824 Actual detected object count: 1
13:26:31.0424 1824 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:26:31.0424 1824 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
I have of course turned off the internet connection.

Alt 07.03.2012, 12:56   #4
janPhone
 
Avira detection of: BDS/Maxplus.B & BDS/ZAccess.Q & TR/ATRAPS.Gen2



Somehow the Virustotal link thing isn't working, but it didn't find anything. If that's too uncertain for you, I'll post the logs here... it will be veeeery long, though:
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/6/2012 2:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Jan\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 45.52% Memory free
8.00 Gb Paging File | 5.76 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 12.35 Gb Free Space | 16.58% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 38.85 Gb Free Space | 18.60% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 2.77 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
 
Computer Name: L33TMACHINE | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jan\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe (Atomix Productions)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Windows\SysWOW64\LckFldService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Users\Jan\Documents\VirtualDJ\Plugins\VideoTransition\default.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Users\Jan\Documents\VirtualDJ\Plugins\SoundEffect\brake.dll ()
MOD - C:\Users\Jan\Documents\VirtualDJ\Plugins\SoundEffect\backspin.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
MOD - C:\Users\Jan\Documents\VirtualDJ\Plugins\SoundEffect\flanger.dll ()
MOD - C:\Users\Jan\Documents\VirtualDJ\Plugins\SoundEffect\beatgrid.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (LckFldService) -- C:\Windows\SysWOW64\LckFldService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\5435.tmp (Sophos Plc)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (tizekdrv) -- C:\Users\Jan\AppData\Roaming\TZAC\tizek64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{CD51EA15-4672-491A-ACEB-BEAAAE82AC1B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?sk=lf"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.2
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/02/08 22:21:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/16 19:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/26 15:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 20:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/15 09:06:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/16 19:59:54 | 000,000,000 | ---D | M]
 
[2009/12/01 23:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012/02/27 15:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions
[2012/02/13 16:55:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/12/30 01:44:13 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/12/24 07:32:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/08 16:48:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/06 21:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\nostmp
[2011/03/12 10:40:01 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\9mjip5ns.default\extensions\personas@christopher.beard
[2012/03/01 07:56:46 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\9mjip5ns.default\searchplugins\icqplugin-1.xml
[2010/09/08 16:47:33 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\9mjip5ns.default\searchplugins\icqplugin-2.xml
[2010/07/25 14:14:45 | 000,001,056 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\9mjip5ns.default\searchplugins\icqplugin.xml
[2011/11/24 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MJIP5NS.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MJIP5NS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MJIP5NS.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MJIP5NS.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/17 20:54:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/12 12:15:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 12:15:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/12 12:15:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 12:15:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 12:15:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 12:15:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011/10/14 14:14:18 | 000,000,909 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe ARM] E" File not found
O4 - HKLM..\Run: [AppleSyncNotifier] E File not found
O4 - HKLM..\Run: [APSDaemon] E" File not found
O4 - HKLM..\Run: [ATKMEDIA] E File not found
O4 - HKLM..\Run: [ATKOSD2] E File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HpqSRMon] E File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6103A9B8-F4F8-414C-9BE4-FAC508BDBF9C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/06 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Security
[2012/03/06 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/03/06 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/03/06 00:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/03/06 00:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/03/06 00:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/03/05 23:18:12 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2012/03/05 23:08:26 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/05 23:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/03/05 20:19:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012/03/05 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/05 20:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/05 20:19:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/05 20:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 17:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\59964bbd
[2012/03/03 12:44:25 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012/03/03 12:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\VirtualDJ
[2012/03/03 12:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/02/22 13:45:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freelancer Account Manager
[2012/02/22 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Account Manager
[2012/02/22 13:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freelancer Account Manager
[2012/02/19 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freelancer Companion
[2012/02/19 18:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
[2012/02/19 18:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freelancer Mod Manager
[2012/02/18 10:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2012/02/17 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/02/17 21:27:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\hdined32.nls.{00021401-0000-0000-C000-000000000046}
[2012/02/17 21:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\burnatonce
[2012/02/17 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\burnatonce
[2012/02/17 20:56:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireBurner
[2012/02/17 20:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FireBurner
[2012/02/17 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/02/17 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Golden Hawk Technology
[2012/02/17 20:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Hawk Technology
[2012/02/17 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDRWIN
[2012/02/16 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\My Games
[2012/02/16 22:00:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Freelancer
[2012/02/15 09:44:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 09:44:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 09:44:04 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 09:44:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 09:44:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 09:44:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 09:44:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 09:44:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 09:44:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 09:44:02 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 09:44:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 09:40:33 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 09:40:20 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 09:40:19 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 09:40:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/12 22:32:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/12 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\ElevatedDiagnostics
[2012/02/10 14:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/06 14:10:05 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1654071091-3621316575-3085556213-1001UA.job
[2012/03/06 14:03:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 13:34:47 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 13:34:47 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/06 13:34:47 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 13:34:47 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/06 13:34:47 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 13:31:57 | 000,007,334 | ---- | M] () -- C:\Users\Jan\Desktop\Antwort Trojaner Board OTL TDSSS.odt
[2012/03/06 13:30:16 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/06 10:34:25 | 000,019,690 | ---- | M] () -- C:\Users\Jan\Documents\cc_20120306_103422.reg
[2012/03/06 08:10:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1654071091-3621316575-3085556213-1001Core.job
[2012/03/06 07:16:43 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 01:29:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 01:29:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 01:18:56 | 000,001,659 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/03/06 01:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 01:17:58 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 00:28:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 00:28:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/05 23:18:56 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2012/03/05 23:08:26 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/03 20:15:49 | 000,001,086 | ---- | M] () -- C:\Users\Jan\Desktop\VirtualDJ Home FREE.lnk
[2012/03/03 17:10:23 | 000,476,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/27 13:48:43 | 000,172,144 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/20 17:27:27 | 000,011,498 | ---- | M] () -- C:\Users\Jan\Desktop\Kündigung Helvetia Unfallversicherung.odt
[2012/02/20 11:32:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/17 14:19:00 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/15 16:40:53 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/15 09:52:44 | 001,599,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 12:44:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/06 13:31:57 | 000,007,334 | ---- | C] () -- C:\Users\Jan\Desktop\Antwort Trojaner Board OTL TDSSS.odt
[2012/03/06 10:34:24 | 000,019,690 | ---- | C] () -- C:\Users\Jan\Documents\cc_20120306_103422.reg
[2012/03/06 01:18:26 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/06 00:28:22 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 00:28:22 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/03 20:15:49 | 000,001,086 | ---- | C] () -- C:\Users\Jan\Desktop\VirtualDJ Home FREE.lnk
[2012/02/20 17:27:26 | 000,011,498 | ---- | C] () -- C:\Users\Jan\Desktop\Kündigung Helvetia Unfallversicherung.odt
[2012/02/19 19:39:21 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Companion.lnk
[2012/02/08 12:44:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/08 12:44:00 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/03 10:29:56 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/12/02 00:36:24 | 000,012,980 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\index.php
[2011/12/01 21:24:49 | 000,000,996 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/16 18:09:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/07 17:31:16 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2011/05/07 17:30:50 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll
[2011/05/07 17:28:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe
[2011/05/07 17:28:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe
[2011/01/04 17:41:30 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/04 17:41:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/08 15:55:55 | 000,172,144 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/27 19:53:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/10 23:53:11 | 000,000,600 | ---- | C] () -- C:\Users\Jan\AppData\Local\PUTTY.RND
[2010/08/02 12:12:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/01 20:50:41 | 000,000,600 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\winscp.rnd
[2010/06/16 19:59:32 | 000,023,714 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/09 13:09:16 | 000,245,227 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/06/09 13:09:16 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/06/09 12:54:09 | 001,599,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 3/6/2012 2:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Jan\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 45.52% Memory free
8.00 Gb Paging File | 5.76 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 12.35 Gb Free Space | 16.58% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 38.85 Gb Free Space | 18.60% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 2.77 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
 
Computer Name: L33TMACHINE | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5298B904-0A34-403F-9669-FE7D7BEBBE86}" = AVG 2011
"{544974E3-D015-401C-900C-E5D137BC930E}" = AVG 2011
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B89DF9D-E8BB-4479-B0BF-E3D25FB3533A}" = AVG 2011
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1" = Roadkil's Disk Image Version 1.6
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6DED92-076A-42F8-9A2A-324D1412852E}" = QIP 2010 4345 Jeak-Edition
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B309654-086F-4231-BED8-30CCDBB23DCF}" = UpdateStar
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1F02CBD-8256-464F-9F75-055C55EE8677}_is1" = Ventinizor 1.3
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"burnatonce_is1" = burnatonce
"CDRWIN" = CDRWIN
"DivX Setup.divx.com" = DivX-Setup
"doubleTwist" = doubleTwist
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"FAM" = FAM 1.0.0.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FLCompanion-{0A8EB4BA-8147-460B-9B0C-6D5B32F3FF41}" = Freelancer Companion 2.02
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 7.0.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Freelancer 1.0" = Freelancer
"HLSW_is1" = HLSW v1.3.2.1
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"iPhone_Backup_Switch_1.0" = iPhone Backup Switch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Minimizor_is1" = Minimizor 1.8
"mIRC" = mIRC
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Opera 11.61.1250" = Opera 11.61
"Orbit_is1" = Orbit Downloader
"S4Uninst" = The Settlers IV
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"TeamViewer 5" = TeamViewer 5
"TZAC ANTICHEAT" = TZAC ANTICHEAT
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.9
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xfire" = Xfire (remove only)
"YTdetect" = Yahoo! Detect
"ZoneAlarm Free" = ZoneAlarm Free
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinImage" = WinImage
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/4/2012 7:39:46 AM | Computer Name = l33tmachine | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 3/5/2012 9:10:06 AM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/5/2012 12:10:11 PM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/5/2012 2:37:07 PM | Computer Name = l33tmachine | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 3/5/2012 9:10:07 PM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/5/2012 10:29:50 PM | Computer Name = l33tmachine | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 3/6/2012 12:10:05 AM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/6/2012 3:10:05 AM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/6/2012 6:10:05 AM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
Error - 3/6/2012 9:10:05 AM | Computer Name = l33tmachine | Source = Google Update | ID = 20
Description = 
 
[ Media Center Events ]
Error - 9/15/2010 10:12:35 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 04:12:35 - Fehler beim Herstellen der Internetverbindung.  04:12:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/15/2010 10:12:43 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 04:12:40 - Fehler beim Herstellen der Internetverbindung.  04:12:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/27/2010 3:09:52 AM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 09:09:52 - Fehler beim Herstellen der Internetverbindung.  09:09:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/27/2010 3:10:13 AM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 09:09:58 - Fehler beim Herstellen der Internetverbindung.  09:09:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/27/2010 5:29:02 AM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 11:29:02 - Fehler beim Herstellen der Internetverbindung.  11:29:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/27/2010 5:29:18 AM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 11:29:07 - Fehler beim Herstellen der Internetverbindung.  11:29:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11/9/2010 7:52:10 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 00:52:10 - Fehler beim Herstellen der Internetverbindung.  00:52:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11/9/2010 7:52:22 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 00:52:15 - Fehler beim Herstellen der Internetverbindung.  00:52:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/4/2010 7:20:57 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 00:20:57 - Fehler beim Herstellen der Internetverbindung.  00:20:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/4/2010 7:21:30 PM | Computer Name = l33tmachine | Source = MCUpdate | ID = 0
Description = 00:21:26 - Fehler beim Herstellen der Internetverbindung.  00:21:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 3/6/2012 7:36:24 AM | Computer Name = l33tmachine | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\5435.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 3/6/2012 7:36:24 AM | Computer Name = l33tmachine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 3/6/2012 8:30:34 AM | Computer Name = l33tmachine | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 3/6/2012 8:30:36 AM | Computer Name = l33tmachine | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 3/6/2012 8:51:06 AM | Computer Name = l33tmachine | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\5435.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 3/6/2012 8:51:06 AM | Computer Name = l33tmachine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 3/6/2012 9:07:24 AM | Computer Name = l33tmachine | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\5435.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 3/6/2012 9:07:24 AM | Computer Name = l33tmachine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 3/6/2012 9:07:25 AM | Computer Name = l33tmachine | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\5435.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 3/6/2012 9:07:25 AM | Computer Name = l33tmachine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
 
< End of report >
         
--- --- ---

Alt 07.03.2012, 13:20   #5
Chris4You
 



Hi,

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook:  - No CLSID value found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] E File not found
O4 - HKLM..\Run: [APSDaemon] E" File not found
O4 - HKLM..\Run: [ATKMEDIA] E File not found
O4 - HKLM..\Run: [ATKOSD2] E File not found
O4 - HKLM..\Run: [HpqSRMon] E File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012/03/04 17:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\59964bbd
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Caution: In a few rare cases the computer may no longer be able to boot and will have to be set up again from scratch!

Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter.

The ComboFix scan can take some time, so please be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

Cureit
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Simply use the search for "infiziert" and copy out the relevant parts before you post them.

chris

__________________
Don't bring me down
Please read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)
