| |
| |||||||
Log-Analyse und Auswertung: System Fix Trojaner und AntiVirus findet Virus BOO.TDss.OWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.12.2011, 09:00
| #1 |
 |  System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Hallo, bin ziemlich verzweifelt wegen diesem System Fix Trojaner der erstmals am 22.12.2011 auf meinem PC aufgetaucht ist. Habe Windows 7 64 Bit auf meinem Laptop. Wäre zutiefst dankbar wenn ihr mir helfen könntet! Ich würde gerne Windows 7 komplett neu aufsetzen weil ich gelesen habe das ist wohl das sicherste und beste was man in einem solchen Fall macht. Jedoch bin ich im moment in London und komme erst in 12 Tagen nach Deutschland an meine Recovery CDs. Meine erste und wichtigste Frage ist: Ich habe auf meinem verseuchten Laptop Überweisungen von meinem DKB InternetKonto auf meine Kreditkarte getätigt (vor dem Auftreten des System Fix). Muss ich die Bank informieren und Kreditkarte sperren lassen obwohl man ja jedesmal einen Tan benötigt? Habe auch anmeldenamen und Pin sofort auf einem sicheren PC geändert. Habe zuerst versucht das System über einen alten Wiederherstellungspunkt sauber zu bekommen jedoch wurde dies immer abgebrochen. Danach habe ich (NICHT im abgesicherten Modus) einige male mit Malwarebytes' Anti-Malware gescannt und diese von euch empfohlenen rkill vorher durchgeführt und unhide.exe. Danach waren alle Ordner wieder da und der System FIx wurde beendet. Nachdem ich aber einen Neustart gemacht habe ist alles beim alten! 1. kommt AntiVirus Meldung das ein Virus gefunden wurde Name : BOO.TDss.O 2. Fake Meldungen und System Fix öffnet sich und Ordner verschwinden Habe zudem darüber nachgedacht selbst die Registry Einträge etc nach der ANleitung von hxxp://www.fasterpccleanclean.com/de/system-fix-entfernen vorzunehmen aber ich denke damit kenne ich mich zu wenig aus. Weil mir BOO.TDss angezeigt wurde hab ich einfach einige male den TDss Killer angewendet aber der hat nichts gefunden! Die Ergebnisse sind im Anhang. Zudem habe ich jetzt mal dieses OTL runtergeladen: Dies ist das Ergebnis meines zweiten durchlaufs: (Beim ersten mal habe ich nicht die von euch geforderten Einstellungen verwendet und bei diesem durchlauf habe ich ein Häkchen bei "Inklusive 64 Bit scans" und "Use No Company Name WhiteList" gelassen) OTL logfile created on: 12/26/2011 6:41:46 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\asus\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.38% Memory free 14.93 Gb Paging File | 13.74 Gb Available in Paging File | 92.05% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 33.68 Gb Free Space | 45.19% Space Free | Partition Type: NTFS Drive D: | 211.85 Gb Total Space | 164.97 Gb Free Space | 77.87% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: asus | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 04:55:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Downloads\OTL.exe PRC - [2011/11/09 04:31:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/01/17 16:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 16:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/17 16:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe ========== Modules (No Company Name) ========== MOD - [2011/11/09 04:31:40 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/10/11 15:36:45 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011/09/01 14:19:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011/09/01 14:19:42 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2007/06/15 17:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007/06/02 00:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/09/17 18:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV - [2011/07/21 10:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/06 10:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/21 05:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 20:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/06/16 00:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/03/31 09:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007/08/08 07:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/07 22:31:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011/12/07 22:31:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011/09/01 15:46:55 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/07/21 10:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/07/21 10:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/10/11 19:24:13 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2009/10/05 07:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/08/12 05:45:29 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009/07/20 09:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 03:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/06/26 20:25:09 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/10 20:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 10:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/06/04 10:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/13 01:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/04/27 08:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2008/05/24 00:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007/07/24 18:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Programme\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 11 8B FB 9C 70 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\asus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\asus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 04:31:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/01 14:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\mozilla\Extensions [2011/12/15 06:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\54bhxkzl.default\extensions [2011/12/22 18:30:06 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\54bhxkzl.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2011/12/22 18:30:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\asus\AppData\Roaming\mozilla\Firefox\Profiles\54bhxkzl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/08/29 16:19:24 | 000,000,925 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\54bhxkzl.default\searchplugins\conduit.xml [2011/11/09 04:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/11/06 16:22:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\54BHXKZL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/11/09 04:31:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/05 12:48:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/05 12:48:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/05 12:48:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/05 12:48:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/05 12:48:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/05 12:48:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Complitly plugin for chrome = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\ CHR - Extension: Google Mail = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.) O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\asus\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\asus\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [sBqDkHtcpJbcHA.exe] C:\ProgramData\sBqDkHtcpJbcHA.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 161.76.120.7 161.76.128.7 161.76.9.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D375FA-DEDE-4C9F-BC21-066C2A2A68BA}: DhcpNameServer = 161.76.104.7 161.76.120.7 161.76.9.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD982B8-C171-435A-9C71-A750018F2840}: DhcpNameServer = 161.76.120.7 161.76.128.7 161.76.9.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/25 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\ElevatedDiagnostics [2011/12/23 18:52:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/12/22 23:13:07 | 000,000,000 | ---D | C] -- C:\xplorer [2011/12/22 22:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/22 22:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/22 21:50:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/12/22 21:50:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/12/22 21:50:48 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/12/22 21:50:48 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/12/22 21:50:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/12/22 21:50:48 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/12/22 21:50:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/12/22 21:50:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/12/22 21:50:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/12/22 21:50:48 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/12/22 21:50:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/12/22 21:50:48 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/12/22 21:50:47 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/12/22 21:50:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/12/22 21:50:47 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/12/22 21:50:47 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/12/22 21:50:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/12/22 21:50:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/12/22 21:50:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/12/22 21:50:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/12/22 21:50:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/12/22 21:50:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/12/22 21:50:47 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/12/22 21:50:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/12/22 21:50:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/12/22 21:50:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/12/22 21:50:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/12/22 21:50:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/12/22 21:50:46 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/12/22 21:50:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/12/22 21:50:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/12/22 21:50:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/12/22 21:50:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/12/22 21:50:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/12/22 21:50:45 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/12/22 21:50:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/12/22 21:50:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/12/22 21:50:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/12/22 21:50:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/12/22 21:50:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/12/22 21:50:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/12/22 21:50:45 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/12/22 21:50:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/12/22 21:50:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/12/22 21:50:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/12/22 21:50:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/12/22 21:50:44 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/12/22 21:50:44 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/12/22 21:50:44 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/12/22 21:50:44 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/12/22 21:50:44 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/12/22 21:50:44 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/12/22 21:50:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/12/22 21:50:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/12/22 21:50:44 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/12/22 21:50:44 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/12/22 21:50:44 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/12/22 21:50:44 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/12/22 21:50:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/12/22 21:50:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/12/22 21:50:44 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/12/22 21:50:44 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/12/22 21:50:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/12/22 21:50:44 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/12/22 21:50:44 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/12/22 21:50:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/12/22 21:50:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/12/22 21:50:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/12/22 21:50:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/12/22 21:50:44 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/12/22 21:50:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011/12/22 21:50:43 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/12/22 21:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011/12/22 21:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011/12/22 21:17:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011/12/22 21:15:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011/12/22 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Malwarebytes [2011/12/22 19:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/22 19:54:30 | 000,000,000 | ---D | C] -- C:\joachimhubertmalware.exe [2011/12/22 19:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011/12/22 18:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/12/14 17:40:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011/12/14 17:39:38 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011/12/14 17:39:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/12/14 07:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011/12/12 17:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare [2011/12/12 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2011/12/12 04:44:24 | 101,553,128 | ---- | C] (BioWare) -- C:\Users\asus\Desktop\DragonAge1.05.exe [2011/12/08 02:15:30 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Risen [2011/12/08 02:05:36 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Tropico 4 Demo [2011/12/07 18:35:45 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2011/12/07 00:42:47 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011/12/07 00:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2011/12/07 00:13:05 | 000,000,000 | ---D | C] -- C:\Users\asus\SystemRequirementsLab [2011/12/06 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\asus\Documents\BioWare [2011/12/06 19:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011/12/06 19:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2011/12/06 19:45:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2011/12/06 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011/12/06 19:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2011/12/06 18:15:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2011/12/06 04:55:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2011/12/06 04:55:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2011/12/06 04:55:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2011/12/06 04:55:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2011/12/06 04:55:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2011/12/06 04:55:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2011/12/06 04:55:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2011/12/06 04:55:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2011/12/06 04:55:11 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2011/12/06 04:55:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2011/12/06 04:55:10 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2011/12/06 04:55:10 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2011/12/06 04:55:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2011/12/06 04:55:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2011/12/06 04:55:10 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2011/12/06 04:55:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2011/12/06 04:55:09 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2011/12/06 04:55:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2011/12/06 04:55:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2011/12/06 04:55:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2011/12/06 04:55:09 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2011/12/06 04:55:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2011/12/06 04:55:09 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2011/12/06 04:55:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2011/12/06 04:55:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2011/12/06 04:55:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2011/12/06 04:55:08 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2011/12/06 04:55:08 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2011/12/06 04:55:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2011/12/06 04:55:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2011/12/06 04:55:07 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2011/12/06 04:55:07 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2011/12/06 04:55:07 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2011/12/06 04:55:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2011/12/06 04:55:07 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2011/12/06 04:55:07 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2011/12/06 04:55:06 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2011/12/06 04:55:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2011/12/06 04:55:05 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2011/12/06 04:55:05 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2011/12/06 04:55:05 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2011/12/06 04:55:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2011/12/06 04:55:03 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2011/12/06 04:55:03 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2011/12/06 04:55:03 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2011/12/06 04:55:03 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2011/12/06 04:55:03 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2011/12/06 04:55:03 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2011/12/06 04:55:02 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2011/12/06 04:55:02 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2011/12/06 04:55:02 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2011/12/06 04:55:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2011/12/06 04:55:01 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2011/12/06 04:55:01 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2011/12/06 04:55:01 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2011/12/06 04:55:01 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2011/12/06 04:54:59 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2011/12/06 04:54:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2011/12/06 04:54:58 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2011/12/06 04:54:58 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2011/12/06 04:54:58 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2011/12/06 04:54:58 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2011/12/06 04:54:58 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2011/12/06 04:54:58 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2011/12/06 04:54:58 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2011/12/06 04:54:58 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2011/12/06 04:54:57 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2011/12/06 04:54:57 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2011/12/06 04:54:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2011/12/06 04:54:57 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2011/12/06 04:54:57 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2011/12/06 04:54:57 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2011/12/06 04:54:56 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2011/12/06 04:54:56 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2011/12/06 04:54:56 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2011/12/06 04:54:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2011/12/06 04:54:54 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2011/12/06 04:54:54 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2011/12/06 04:54:54 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2011/12/06 04:54:54 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2011/12/06 04:54:54 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2011/12/06 04:54:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2011/12/06 04:54:53 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2011/12/06 04:54:53 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2011/12/06 04:54:53 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2011/12/06 04:54:52 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2011/12/06 04:54:52 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2011/12/06 04:54:52 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2011/12/06 04:54:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2011/12/06 04:54:50 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2011/12/06 04:54:50 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2011/12/06 04:54:50 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2011/12/06 04:54:50 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2011/12/06 04:54:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2011/12/06 04:54:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2011/12/06 04:54:49 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2011/12/06 04:54:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2011/12/06 04:54:48 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2011/12/06 04:54:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2011/12/06 04:54:48 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2011/12/06 04:54:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2011/12/06 04:54:46 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2011/12/06 04:54:46 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2011/12/06 04:54:46 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2011/12/06 04:54:46 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2011/12/06 04:54:45 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2011/12/06 04:54:45 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2011/12/06 04:54:45 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2011/12/06 04:54:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2011/12/06 04:54:43 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2011/12/06 04:54:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2011/12/06 04:54:42 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2011/12/06 04:54:42 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2011/12/06 04:54:41 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2011/12/06 04:54:41 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2011/12/06 04:54:41 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2011/12/06 04:54:41 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2011/12/06 04:54:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2011/12/06 04:54:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2011/12/06 04:54:39 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2011/12/06 04:54:39 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2011/12/06 04:54:39 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2011/12/06 04:54:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2011/12/06 04:54:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2011/12/06 04:54:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2011/12/06 04:54:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2011/12/06 04:54:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2011/12/06 04:54:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2011/12/06 04:54:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2011/12/06 04:54:36 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2011/12/06 04:54:36 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2011/12/06 04:54:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2011/12/06 04:54:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2011/12/06 04:54:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2011/12/06 04:54:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2011/12/06 04:54:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2011/12/06 04:54:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2011/12/06 04:54:33 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2011/12/06 04:54:33 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2011/12/06 04:54:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2011/12/06 04:54:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2011/12/06 04:54:32 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2011/12/06 04:54:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2011/12/06 04:54:32 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2011/12/06 04:54:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2011/12/06 04:54:31 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011/12/06 04:54:31 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011/12/06 04:54:30 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2011/12/06 04:54:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2011/12/06 04:54:30 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2011/12/06 04:54:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2011/12/06 04:54:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2011/12/06 04:54:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2011/12/06 04:54:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2011/12/06 04:54:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2011/12/06 04:54:28 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2011/12/06 04:54:28 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2011/12/06 04:54:28 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2011/12/06 04:54:28 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2011/12/06 04:54:28 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2011/12/06 04:54:28 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2011/12/06 04:54:27 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2011/12/06 04:54:27 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2011/12/06 04:54:21 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2011/12/06 04:54:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2011/12/06 04:54:20 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2011/12/06 04:54:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2011/12/06 04:54:20 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2011/12/06 04:54:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2011/12/06 04:54:19 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2011/12/06 04:54:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2011/12/06 04:54:18 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2011/12/06 04:54:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2011/12/06 04:54:16 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2011/12/06 04:54:16 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2011/12/06 04:54:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2011/12/06 04:54:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2011/12/06 04:54:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2011/12/06 04:54:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2011/12/06 04:54:12 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2011/12/06 04:54:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2011/12/06 04:17:30 | 000,000,000 | ---D | C] -- C:\Users\asus\Desktop\Texte [2011/11/30 19:45:25 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2011/11/30 19:38:45 | 000,000,000 | ---D | C] -- C:\TEMP [2011/11/30 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx [2011/11/30 18:48:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2011/11/26 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\DOSBox [2011/11/26 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011/11/26 23:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/26 04:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/26 04:50:42 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 03:33:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/26 03:25:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2436784591-627746195-2248479600-1001UA.job [2011/12/26 02:33:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/25 20:25:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2436784591-627746195-2248479600-1001Core.job [2011/12/25 17:42:58 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/25 17:42:58 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/23 12:35:15 | 000,065,586 | ---- | M] () -- C:\Users\asus\Desktop\cc_20111223_123456.reg [2011/12/23 12:01:30 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/22 23:04:57 | 000,001,764 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011/12/22 22:46:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/22 22:46:50 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/22 22:46:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/22 22:46:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/22 22:46:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/22 22:32:33 | 000,001,209 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011/12/22 21:50:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/12/22 21:50:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/12/22 21:50:48 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/12/22 21:50:48 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/12/22 21:50:48 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/12/22 21:50:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/12/22 21:50:48 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/12/22 21:50:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/12/22 21:50:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/12/22 21:50:48 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/12/22 21:50:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/12/22 21:50:48 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/12/22 21:50:47 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/12/22 21:50:47 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/12/22 21:50:47 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/12/22 21:50:47 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/12/22 21:50:47 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/12/22 21:50:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/12/22 21:50:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/12/22 21:50:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/12/22 21:50:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/12/22 21:50:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/12/22 21:50:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/12/22 21:50:47 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/12/22 21:50:47 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/12/22 21:50:47 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/12/22 21:50:47 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/12/22 21:50:47 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/12/22 21:50:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/12/22 21:50:46 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/12/22 21:50:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/12/22 21:50:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/12/22 21:50:46 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/12/22 21:50:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/12/22 21:50:46 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/12/22 21:50:45 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/12/22 21:50:45 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/12/22 21:50:45 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/12/22 21:50:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/12/22 21:50:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/12/22 21:50:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/12/22 21:50:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/12/22 21:50:45 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/12/22 21:50:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/12/22 21:50:45 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/12/22 21:50:45 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/12/22 21:50:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/12/22 21:50:44 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/12/22 21:50:44 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/12/22 21:50:44 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/12/22 21:50:44 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/12/22 21:50:44 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/12/22 21:50:44 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/12/22 21:50:44 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/12/22 21:50:44 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/12/22 21:50:44 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/12/22 21:50:44 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/12/22 21:50:44 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/12/22 21:50:44 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/12/22 21:50:44 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/12/22 21:50:44 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/12/22 21:50:44 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/12/22 21:50:44 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/12/22 21:50:44 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/12/22 21:50:44 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/12/22 21:50:44 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/12/22 21:50:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/12/22 21:50:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/12/22 21:50:44 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/12/22 21:50:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/12/22 21:50:44 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/12/22 21:50:44 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/12/22 21:50:44 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011/12/22 21:50:43 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/12/22 21:40:20 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2011/12/22 21:40:20 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2011/12/22 21:38:33 | 000,001,260 | ---- | M] () -- C:\Users\asus\Desktop\Spybot - Search & Destroy.lnk [2011/12/22 19:05:40 | 004,293,482 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/12/22 17:35:48 | 000,466,944 | -HS- | M] () -- C:\ProgramData\sBqDkHtcpJbcHA.exe [2011/12/18 07:25:57 | 000,002,356 | ---- | M] () -- C:\Users\asus\Desktop\Google Chrome.lnk [2011/12/14 07:30:25 | 000,000,945 | ---- | M] () -- C:\Users\asus\Desktop\Audacity.lnk [2011/12/12 04:46:01 | 101,553,128 | ---- | M] (BioWare) -- C:\Users\asus\Desktop\DragonAge1.05.exe [2011/12/10 20:21:35 | 000,028,528 | ---- | M] () -- C:\Users\asus\Desktop\muskelaufbau ernährung.odt [2011/12/10 16:47:20 | 000,028,625 | ---- | M] () -- C:\Users\asus\Desktop\ticket flug.odt [2011/12/10 03:43:46 | 000,012,298 | ---- | M] () -- C:\Users\asus\Desktop\allergie.odt [2011/12/07 22:31:55 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011/12/07 22:31:54 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011/12/02 21:27:41 | 000,007,680 | ---- | M] () -- C:\Users\asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/28 07:18:02 | 000,013,876 | ---- | M] () -- C:\Users\asus\Desktop\sharks.odt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/25 22:40:17 | 000,001,547 | ---- | C] () -- C:\Users\asus\Desktop\Windows Media Player.lnk [2011/12/23 12:35:04 | 000,065,586 | ---- | C] () -- C:\Users\asus\Desktop\cc_20111223_123456.reg [2011/12/22 22:40:44 | 000,001,441 | ---- | C] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/12/22 21:50:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/12/22 21:50:44 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/12/22 21:38:33 | 000,001,260 | ---- | C] () -- C:\Users\asus\Desktop\Spybot - Search & Destroy.lnk [2011/12/22 19:04:28 | 004,293,482 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/12/22 17:39:47 | 000,466,944 | -HS- | C] () -- C:\ProgramData\sBqDkHtcpJbcHA.exe [2011/12/14 07:30:25 | 000,000,945 | ---- | C] () -- C:\Users\asus\Desktop\Audacity.lnk [2011/12/10 20:21:34 | 000,028,528 | ---- | C] () -- C:\Users\asus\Desktop\muskelaufbau ernährung.odt [2011/12/10 16:47:01 | 000,028,625 | ---- | C] () -- C:\Users\asus\Desktop\ticket flug.odt [2011/12/10 03:43:37 | 000,012,298 | ---- | C] () -- C:\Users\asus\Desktop\allergie.odt [2011/12/07 22:31:55 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011/12/07 22:31:54 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011/11/28 07:18:01 | 000,013,876 | ---- | C] () -- C:\Users\asus\Desktop\sharks.odt [2011/09/16 18:42:37 | 000,007,680 | ---- | C] () -- C:\Users\asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/11 19:13:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010/02/09 07:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2010/02/09 07:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/29 05:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/12/22 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Complitly [2011/12/23 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\DAEMON Tools Lite [2011/10/20 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\DVDVideoSoft [2011/09/04 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\DVDVideoSoftIEHelpers [2011/09/01 17:16:37 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Leadertech [2011/09/01 17:25:47 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\My Games [2011/09/01 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\OpenOffice.org [2011/12/08 02:14:46 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Tropico 4 Demo [2011/12/25 16:29:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP  FC5A2B2< End of report > DAZU KAM DIESE Extras.Txt OTL Extras logfile created on: 12/26/2011 6:41:46 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\asus\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.38% Memory free 14.93 Gb Paging File | 13.74 Gb Available in Paging File | 92.05% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 33.68 Gb Free Space | 45.19% Space Free | Partition Type: NTFS Drive D: | 211.85 Gb Total Space | 164.97 Gb Free Space | 77.87% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: asus | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver "ASUS_N71_Screensaver" = ASUS_N71_Screensaver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Picasa 3" = Picasa 3 "SystemRequirementsLab" = System Requirements Lab "VLC media player" = VLC media player 1.1.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/20/2011 3:02:48 AM | Computer Name = Simon-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 12/20/2011 3:03:33 AM | Computer Name = Simon-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12/20/2011 8:50:35 AM | Computer Name = Simon-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 12/20/2011 9:00:19 PM | Computer Name = Simon-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fifa.exe, Version: 1.0.0.0, Zeitstempel: 0x4c8a90dc Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x40800000 ID des fehlerhaften Prozesses: 0xec0 Startzeit der fehlerhaften Anwendung: 0x01ccbf7606f193f2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 26bc9888-2b6f-11e1-af79-90e6ba5b9f88 Error - 12/21/2011 12:12:15 AM | Computer Name = Simon-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 12/21/2011 7:59:33 PM | Computer Name = Simon-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 12/21/2011 8:42:15 PM | Computer Name = Simon-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 12/21/2011 8:42:54 PM | Computer Name = Simon-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12/22/2011 1:38:57 PM | Computer Name = Simon-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: kna0.6591147786922743.exe, Version: 0.0.0.0, Zeitstempel: 0x4ef367b4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0064db99 ID des fehlerhaften Prozesses: 0x50c Startzeit der fehlerhaften Anwendung: 0x01ccc0d0206f9872 Pfad der fehlerhaften Anwendung: C:\Users\asus\AppData\Local\Temp\kna0.6591147786922743.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d2ff53f0-2cc3-11e1-91cb-90e6ba5b9f88 Error - 12/22/2011 2:15:21 PM | Computer Name = Simon-PC | Source = System Restore | ID = 8210 Description = [ System Events ] Error - 12/22/2011 3:21:35 PM | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12/22/2011 3:23:14 PM | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb discache spldr Wanarpv6 Error - 12/22/2011 3:23:17 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10005 Description = Error - 12/22/2011 3:23:23 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10005 Description = Error - 12/22/2011 3:23:24 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10005 Description = Error - 12/22/2011 3:23:24 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10005 Description = Error - 12/22/2011 3:28:37 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10005 Description = Error - 12/22/2011 3:45:01 PM | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 12/22/2011 6:34:27 PM | Computer Name = Simon-PC | Source = DCOM | ID = 10010 Description = Error - 12/22/2011 6:34:27 PM | Computer Name = Simon-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 < End of report > Mein aktuellster Scann mit Malwarebytes Anti Malware ergab dieses Ergebnis: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 911122601 Windows 6.1.7601 Service Pack 1 (Safe Mode) Internet Explorer 9.0.8112.16421 26.12.2011 07:50:27 mbam-log-2011-12-26 (07-50-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 400045 Laufzeit: 40 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sBqDkHtcpJbcHA.exe (Trojan.FakeAlert) -> Value: sBqDkHtcpJbcHA.exe -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\sbqdkhtcpjbcha.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Alle vorherigen Log Dateien sind im Anhang. Wenn Sie weitere Dateien benötigen einfach bescheid geben (und am besten beschreiben wo die dateien zu finden sind weil ich mich nicht gerade gut auskenne) und ich versuche dann schnellstmöglich diese nachzureichen. Sollte ich meinen Laptop bis das Problem gelöst ist immer nur im abgesicherten Modus starten? Zudem frage ich mich ob Trojaner auch im abgesicherten Modus weitere SChadprogramme auf mein Laptop laden können? Viele Grüße und Danke im voraus für eine Antwort Biggi |
|
26.12.2011, 16:42
| #2 | |
| /// Selecta Jahrusso   | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Zitat:
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Bitte poste in deiner nächsten Antwort aswMBR.txt
__________________ |
|
26.12.2011, 17:40
| #3 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Hallo Daniel,
__________________danke für die schnelle Antwort. Hier die aswMBR.txt MBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software Run date: 2011-12-26 16:33:41 ----------------------------- 16:33:41.890 OS Version: Windows x64 6.1.7601 Service Pack 1 16:33:41.890 Number of processors: 2 586 0x170A 16:33:41.890 ComputerName: SIMON-PC UserName: asus 16:33:44.042 Initialize success 16:34:18.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:34:18.144 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3 16:34:18.191 Disk 0 MBR read successfully 16:34:18.191 Disk 0 MBR scan 16:34:18.206 Disk 0 Windows 7 default MBR code found via API 16:34:18.206 Disk 0 unknown MBR code 16:34:18.222 Disk 0 MBR hidden 16:34:18.222 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12000 MB offset 64 16:34:18.253 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76311 MB offset 24576064 16:34:18.253 Disk 0 Partition - 00 0F Extended LBA 216932 MB offset 180862976 16:34:18.300 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 216931 MB offset 180865024 16:34:18.300 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT** 16:34:18.300 Disk 0 trace - called modules: 16:34:18.316 16:34:18.316 Scan finished successfully 16:34:42.995 Disk 0 MBR has been saved successfully to "C:\Users\asus\Desktop\MBR.dat" 16:34:42.995 The log file has been saved successfully to "C:\Users\asus\Desktop\aswMBR.txt" |
|
26.12.2011, 17:45
| #4 |
| /// Selecta Jahrusso | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Gefällt mir nicht :/ Zufällig nen USB Stick zur Hand ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
26.12.2011, 17:53
| #5 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Ach und noch etwas...immer wenn ich auf auf trojaner-board.de möchte versucht mein System mich daran zu hindern und leitet mich auf eine andere Seite weiter wie "berlinfernsehturm.de" oder ähnliches  . Die haben echt an alles gedacht.. |
|
26.12.2011, 17:54
| #6 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Ja hätte einen zur Hand..noch ganz neu. |
|
26.12.2011, 17:59
| #7 | |
| /// Selecta Jahrusso | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Sehr gut. Brauchen wir wahrscheinlich. Muss mir da was ansehen. Kannst du mir sagen, was das ist ? C:\joachimhubertmalware.exe Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste in deiner nächsten Antwort Combofix.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
26.12.2011, 19:23
| #8 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O So hat ziemlich lange gedauert..kein gutes zeichen nehm ich an... dieses joachimhubert war ein ordner indem ich Malwarebytes gespeichert hatte..habs umbenannt weil System Fix mich gehindert hatte die instatllation auszuführen..der Ordner war aber leer und wurde auch von combofix gelöscht. Zudem wurde /QuickLaunch/System Fix.ink oder so gelöscht aber wirst du denk ich selbst sehen. Hier die log datei: Combofix Logfile: Code:
ATTFilter ComboFix 11-12-26.02 - asus 26.12.2011 17:21:26.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.3205 [GMT 0:00]
ausgeführt von:: c:\users\asus\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\joachimhubertmalware.exe
c:\users\asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-26 bis 2011-12-26 ))))))))))))))))))))))))))))))
.
.
2011-12-26 17:54 . 2011-12-26 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-25 16:22 . 2011-12-25 16:22 -------- d-----w- c:\users\asus\AppData\Local\ElevatedDiagnostics
2011-12-22 23:13 . 2011-12-22 23:13 -------- d-----w- C:\xplorer
2011-12-22 22:51 . 2011-12-22 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-22 22:37 . 2011-12-22 22:37 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-12-22 22:36 . 2011-12-22 22:36 -------- d-----w- c:\windows\system32\wbem\en-US
2011-12-22 21:38 . 2011-12-22 21:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-22 21:17 . 2011-12-22 21:17 -------- d-----w- c:\windows\system32\SPReview
2011-12-22 21:15 . 2011-12-22 21:15 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 19:54 . 2011-12-22 19:54 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes
2011-12-22 19:54 . 2011-12-22 19:54 -------- d-----w- c:\programdata\Malwarebytes
2011-12-22 18:58 . 2011-12-22 19:22 -------- d-----w- c:\programdata\PC Tools
2011-12-14 17:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 17:39 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:39 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:39 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:39 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 07:30 . 2011-12-22 18:30 -------- d-----w- c:\program files (x86)\Audacity
2011-12-12 17:09 . 2011-12-12 17:09 -------- d-----w- c:\programdata\BioWare
2011-12-12 17:03 . 2011-12-22 18:06 -------- d-----w- c:\programdata\Media Center Programs
2011-12-08 02:15 . 2011-12-08 02:15 -------- d-----w- c:\users\asus\AppData\Local\Risen
2011-12-08 02:05 . 2011-12-08 02:14 -------- d-----w- c:\users\asus\AppData\Roaming\Tropico 4 Demo
2011-12-07 22:31 . 2011-12-07 22:31 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-12-07 22:31 . 2011-12-07 22:31 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-12-07 22:31 . 2011-12-22 18:30 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-12-07 18:35 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-07 00:42 . 2011-12-07 00:42 -------- d-----w- C:\NVIDIA
2011-12-07 00:13 . 2011-12-07 00:13 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-12-07 00:13 . 2011-12-22 18:30 -------- d-----w- c:\users\asus\SystemRequirementsLab
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-12-06 19:45 . 2011-12-22 18:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-06 19:42 . 2011-12-23 19:24 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-12-06 04:54 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-11-30 19:45 . 1997-11-19 14:49 303616 ----a-w- c:\windows\IsUninst.exe
2011-11-30 19:38 . 2011-11-30 19:38 -------- d-----w- C:\TEMP
2011-11-30 19:37 . 2011-11-30 19:37 -------- d-----w- c:\program files (x86)\directx
2011-11-30 18:48 . 2011-11-30 18:48 -------- d-----w- c:\windows\SysWow64\Adobe
2011-11-26 23:45 . 2011-11-27 00:01 -------- d-----w- c:\users\asus\AppData\Local\DOSBox
2011-11-26 23:41 . 2011-11-26 23:41 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-26 07:05 . 2011-12-26 07:05 83093 ----a-w- C:\TDSSKILLER.zip
2011-12-22 21:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-22 21:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-25 20:33 . 2011-11-25 20:33 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-10-11 15:36 . 2011-09-01 15:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-09 16:22 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-01 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 cpuz135;cpuz135;c:\users\asus\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 14:13]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 14:13]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436784591-627746195-2248479600-1001Core.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 01:28]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436784591-627746195-2248479600-1001UA.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 01:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-08-25 08:46 167416 ----a-w- c:\users\asus\AppData\Roaming\Complitly\64\Complitly64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 161.76.120.7 161.76.128.7 161.76.9.1
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\54bhxkzl.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_N71_Screensaver - c:\windows\system32\ASUS_N71_Screensaver.scr
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-26 18:18:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-26 18:17
.
Vor Suchlauf: 13 Verzeichnis(se), 36.087.877.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 35.906.863.104 Bytes frei
.
- - End Of File - - E169B817BEA1B05321875D0B3EECEB96
|
|
26.12.2011, 19:26
| #9 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Achja Malwarebytes, avira antivir, spybot sind alle inaktiv im abgesichterten Modus oder? Habe nichts deaktiviert bzw wüsste nich wie falls die doch aktiv waren. |
|
26.12.2011, 19:27
| #10 |
| /// Selecta Jahrusso | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Könntest du bitte aswMBR nochmal laufen lassen und mir die aswmbr.txt posten
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
26.12.2011, 19:36
| #11 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software Run date: 2011-12-26 18:34:47 ----------------------------- 18:34:47.326 OS Version: Windows x64 6.1.7601 Service Pack 1 18:34:47.326 Number of processors: 2 586 0x170A 18:34:47.326 ComputerName: SIMON-PC UserName: asus 18:34:47.825 Initialize success 18:34:53.597 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:34:53.597 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3 18:34:53.613 Disk 0 MBR read successfully 18:34:53.613 Disk 0 MBR scan 18:34:53.629 Disk 0 Windows 7 default MBR code found via API 18:34:53.629 Disk 0 unknown MBR code 18:34:53.629 Disk 0 MBR hidden 18:34:53.644 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12000 MB offset 64 18:34:53.660 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76311 MB offset 24576064 18:34:53.660 Disk 0 Partition - 00 0F Extended LBA 216932 MB offset 180862976 18:34:53.691 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 216931 MB offset 180865024 18:34:53.707 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT** 18:34:53.707 Disk 0 trace - called modules: 18:34:53.738 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800577f334]<< 18:34:53.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057654e0] 18:34:53.753 3 CLASSPNP.SYS[fffff88001b5c43f] -> nt!IofCallDriver -> [0xfffffa8003d2d040] 18:34:53.769 5 ACPI.sys[fffff88000f0a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b3050] 18:34:53.785 \Driver\iaStor[0xfffffa8003cd92b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800577f334 18:34:53.800 Scan finished successfully 18:35:12.770 Disk 0 MBR has been saved successfully to "C:\Users\asus\Downloads\MBR.dat" 18:35:12.801 The log file has been saved successfully to "C:\Users\asus\Downloads\aswMBR2.txt" |
|
26.12.2011, 19:41
| #12 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Bin auch jetzt die ganze zeit im Internet ohne Virenprogramme...ist das nich unsicher bzw kann der Trojaner sich dann nich Dateien nachladen? Grad kam auf meinem Desktop dass ich ein IPhone gewonnen hätte?! |
|
26.12.2011, 22:12
| #13 |
| /// Selecta Jahrusso | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O hy biggi mach dir da mal keine sorgen. es ist die infection, die nachlädt und dies kann auch eine AntiViren Software nicht mehr verhindern. Wir kümmern uns darum. Bin gerade mit dem Handy online und melde mich mit weiterem sobald ich zu Hause bin
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie Geändert von Larusso (27.12.2011 um 01:58 Uhr) |
|
27.12.2011, 00:31
| #14 |
| | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Hey Daniel, wollte nur noch wissen wann du die nächsten Tage so zur Verfügung stehst dann würd ich meinen Tag danach ausrichten. Möchte den Trojaner so schnell wie möglich beseitigen weil ich doch ziemlich abhängig von meinem Laptop bin im moment. Bin heute noch ca 4 stunden wach also einfach anschreiben und morgen wie gesagt je nachdem wie du zeit hast. Greets Simon |
|
27.12.2011, 00:32
| #15 | |
| /// Selecta Jahrusso | System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O Ich bin online, wenn ich online bin Wenn es zu langsam geht, dann formatieren und Neuaufsetzen Downloade dir bitte Download UNetbootin, Universal Netboot Installer from SourceForge.net & http://noahdfear.net/downloads/boota...xpud-0.9.2.iso auf deinem Desktop.
Downloade dir bitte Noahdfear's Dumpit Speichere diese auf den xPUD USB Stick. Starte deinen Rechner neu auf.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu System Fix Trojaner und AntiVirus findet Virus BOO.TDss.O |
| alternate, antivirus, avira, bho, c:\windows\system32\rundll32.exe, converter, desktop, error, fehler, firefox, flash player, frage, gfnexsrv.exe, helper, home, iexplore.exe, install.exe, kreditkarte, langs, logfile, mozilla, mp3, neu aufsetzen, plug-in, problem, problem gelöst, realtek, registry, richtlinie, safer networking, sched.exe, security, software, starten, studio, system, trojaner, usb 2.0, virus boo.tdss.o, webcheck, windows, windows 7 64 bit |
Linear-Darstellung
